33 upvotes00 downvotes

2K views91 pagesUNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.

Apr 25, 2018

© © All Rights Reserved

PDF, TXT or read online from Scribd

UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.

© All Rights Reserved

2K views

33 upvotes00 downvotes

UNIT - 2
SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques, Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.

© All Rights Reserved

You are on page 1of 91

Assistant Professor – Dept of E&CE

B.G Nagara, Nagamangala Tq, Mandya District- 571448

NETWORK SECURITY 10EC832

NETWORK SECURITY

PART-A

UNIT-2

SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques,

Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of

DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of

Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.

TEXT BOOK:

1. Cryptography and Network Security, William Stalling, Pearson Education, 2003.

REFERENCE BOOKS:

1. Cryptography and Network Security, Behrouz A. Forouzan, TMH, 2007.

2. Cryptography and Network Security, Atul Kahate, TMH, 2003.

NETWORK SECURITY 10EC832

SYMMETRIC CIPHERS: Symmetric Cipher Model, Substitution Techniques,

Transposition Techniques, Simplified DES, Data encryption standard (DES), The strength of

DES, Differential and Linear Cryptanalysis, Block Cipher Design Principles and Modes of

Operation, Evaluation Criteria for Advanced Encryption Standard, The AES Cipher.

1. SYMMETRIC CIPHERS

The coded message is called the cipher text.

The process of converting from plaintext to cipher text is known as enciphering or

encryption.

Restoring the plaintext from the cipher text is deciphering or decryption.

The many schemes used for encryption constitute the area of study known as

cryptography. Such a scheme is known as a cryptographic system or a cipher.

Techniques used for deciphering a message without any knowledge of the enciphering

details fall into the area of cryptanalysis.

The areas of cryptography and cryptanalysis together are called cryptology.

Plaintext: This is the original intelligible message or data that is fed into the

algorithm as input.

NETWORK SECURITY 10EC832

transformations on the plaintext.

Secret key: The secret key is also input to the encryption algorithm. The key is a

value independent of the plaintext and of the algorithm. The algorithm will produce a

different output depending on the specific key being used at the time. The exact

substitutions and transformations performed by the algorithm depend on the key.

Cipher text: This is the scrambled message produced as output. It depends on the

plaintext and the secret key. For a given message, two different keys will produce two

different cipher texts. The cipher text is an apparently random stream of data and, as it

stands, is unintelligible.

Decryption algorithm: This is essentially the encryption algorithm run in reverse. It

takes the cipher text and the secret key and produces the original plaintext.

Encryption Requirements: There are two requirements for secure use of

conventional encryption

1. The encryption algorithm must be strong.

At a minimum, an opponent who knows the algorithm and has access to one or

more cipher texts would be unable to decipher the cipher text or figure out the

key.

In a stronger form, the opponent should be unable to decrypt cipher text or

discover the key even if he or she has a number of cipher texts together with

the plaintext for each cipher text.

2. Sender and receiver must have obtained copies of the secret key in a secure

fashion and must keep the key secure. If someone can discover the key and knows

the algorithm, all communication using this key is readable.

We assume that it is impractical to decrypt a message on the basis of the Cipher text plus

knowledge of the encryption/decryption algorithm. In other words, we do not need to keep

the algorithm secret; we need to keep only the key secret.

NETWORK SECURITY 10EC832

figure:

X= [𝑋1, 𝑋2, 𝑋3, .............𝑋𝑀, ].

A key of the form is K= [𝐾1, 𝐾2, 𝐾3,.............𝐾𝐽 , ] generated.

If the key is generated at the message source, then it must also be provided to

the destination by means of some secure channel.

Alternatively, a third party could generate the key and securely deliver it to

both source and destination.

The cipher text is produced by the encryption algorithm with the message X and the

encryption key K as input.

Y=E (K, X)

the plaintext X, with the specific function determined by the value of the key K.

NETWORK SECURITY 10EC832

The intended receiver with the key is able to invert the transformation:

X=D (K, Y)

both. It is assumed that the opponent knows the encryption (E) and decryption (D)

algorithms.

1. The Type of operations used for transforming plaintext to cipher text. All

encryption algorithms are based on two general principles:

Substitution: each element in the plaintext (bit, letter, group of bits or letters)

is mapped into another element,

Transposition: elements in the plaintext are rearranged.

reversible). Product systems involve multiple stages of substitutions and

transpositions.

If both sender and receiver use the same key, the system is referred to as

symmetric, single-key, secret-key, or conventional encryption.

If the sender and receiver use different keys, the system is referred to as

asymmetric, two-key, or public-key encryption.

NETWORK SECURITY 10EC832

A block cipher processes the input one block of elements at a time, producing an

output block for each input block.

A stream cipher processes the input elements continuously, producing output one

element at a time, as it goes along.

Or

CRYPTOGRAPHY [DEC-2013 / JAN-2014 (4M)]

The word cryptography was derives from combining 2 Greek words. “Krypto” it

means “hidden” and “graphene” meaning “writing”. Cryptography is the art of secret

information writing or secret data writing.

The main goal of cryptography is a data secure from unauthorized persons or

attackers or hackers.

Cryptography is a method of storing and transmitting data in a particular form so that

only those for whom it is intended can read and process it.

Encryption is a technique for transforming plain-text into an unreadable cipher-text or

unintelligible format.

Decryption is a technique for transforming cipher text (unreadable data) into plain text

or original data (secret or confidential data).

The key is also a group of bits which as a major role in the process of encryption and

decryption.

Types of Cryptography

1. Symmetric Key Cryptography (Secret Key Cryptography)

2. Asymmetric Key Cryptography (Public Key Cryptography)

3. HASH FUNCTION

NETWORK SECURITY 10EC832

cryptography or shared key or private key cryptography and it uses a same key or

single-key for both of encryption & decryption method. The Symmetric key system is

the DEC (data encryption standard).Symmetric key cryptography systems are simpler

and faster.

keys used for encryption and decryption. The different keys are a private key & a

public key.

information. It is a one-way encryption. Uses no key for encryption and decryption.

Advantages

Enter (key) length will be generally short.

Symmetric key cipher can be joined together to prepare stronger ciphers.

It hides those secret or confidential messages and your protection or privacy may be

sheltered or protected or safe.

application

On line banking.

On line transaction.

Media data base system.

Medical application. Etc

The objective of attacking an encryption system is to recover the key in use rather

than simply to recover the plaintext of a single cipher text. There are two general approaches

to attacking a conventional encryption scheme:

algorithm plus some knowledge of the general characteristics of the plaintext or

some sample plaintext–cipher text pairs. It exploits the characteristics of the

algorithm to attempt to deduce a specific plaintext or to deduce the key being

used.

NETWORK SECURITY 10EC832

Brute-force attack: The attacker tries every possible key on a piece of cipher text

until an intelligible translation into plaintext is obtained. On average, half of all

possible keys must be tried to achieve success.

If either type of attack succeeds in deducing the key, then future and past messages

encrypted with that key are compromised.

The following table summarizes the various types of cryptanalytic attacks based on the

amount of information known to the cryptanalyst.

Attack

Only Cipher text

Plaintext Cipher text

One or more plaintext–cipher text pairs formed with the secret key

Plaintext Cipher text

Plaintext message chosen by cryptanalyst, together with its

corresponding cipher text generated with the secret key

text Cipher text

Cipher text chosen by cryptanalyst, together with its corresponding

decrypted plaintext generated with the secret key

6 SUBSTITUTION TECHNIQUES

The two basic building blocks of all encryption techniques are substitution and

transposition. A substitution technique is one in which the letters of plaintext are replaced by

other letters or by numbers or symbols.1 If the plaintext is viewed as a sequence of bits, then

substitution involves replacing plaintext bit patterns with cipher text bit patterns.

NETWORK SECURITY 10EC832

The encryption rule is simple; replace each letter of the alphabet with the letter

standing 3 places further down the alphabet.

The alphabet is wrapped around so that Z follows A.

Example:

Note that the alphabet is wrapped around, so that the letter following Z is A.

We can define the transformation by listing all possibilities, as follows:

Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z

Cipher: d e f g h i j k l m n o p q r s T u v w x y z a b c

Let us assign a numerical equivalent to each letter:

a b c d e f g H i j k l m

0 1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y z

13 14 15 16 17 18 19 20 21 22 23 24 25

Then the algorithm can be expressed as follows. For each plaintext letter p, substitute

the cipher text letter.

C = E (3, p) = (p + 3) mod 26

A shift may be of any amount, so that the general Caesar algorithm is

C = E (k, p) = (p + k) mod 26

Where k takes on a value in the range 1 to 25. The decryption algorithm is simply

p = D (k, C) = (C - k) mod 26

If it is known that a given cipher text is a Caesar cipher, then a brute-force

cryptanalysis is easily performed: simply try all the 25 possible keys.

Three important characteristics of this problem enabled us to use a brute force cryptanalysis:

1. The encryption and decryption algorithms are known.

2. There are only 25 keys to try.

3. The language of the plaintext is known and easily recognizable.

NETWORK SECURITY 10EC832

Instead of shifting alphabets by the fixed amount as in Caesar cipher, any random

permutation is assigned to the alphabets. This type of encryption called

Monoalphabetic substitution cipher.

For example, a replaced by Q, B by D, C by T etc. then it will be comparatively

stronger than Caesar.

This technique uses a 5 X 5 matrix which also called the key matrix.

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z

The plaintext encrypted two letters at a time, according to the following rules:

Repeating plaintext letters that are in the same pair are separated with a filler

letter, such as x, so that balloon would be treated as ba lx lo on.

Two plaintext letters that fall in the same row of the matrix are each replaced by

the letter to the right, with the first element of the row circularly following the

last.

For example, ar is encrypted as RM.

Two plaintext letters that fall in the same column are each replaced by the letter

beneath, with the top element of the column circularly following the last.

For example, mu is encrypted as CM.

Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its

own row and the column occupied by the other plaintext letter. Thus, hs become

BP and ea becomes IM (or JM, as the enciphered wishes).

Security much improved over Monoalphabetic as here two letters are encrypted at a

time and hence there are 26 X 26 =676 diagrams and hence it needs a 676 entry

frequency table.

NETWORK SECURITY 10EC832

However, it can break even if a few hundred letters known as much of plaintext

structure retained in the cipher text.

Each letter is represented by numbers from 0 to 25 and calculations are done modulo

26.

This encryption algorithm takes m successive plaintext letters and substitutes them

with m cipher text

The substitution determined by m linear equations. For m = 3, the system can describe

as:

c1 = (k11p1 + k21p2 + k31p3) mod 26

c2 = (k12p1 + k22p2 + k32p3) mod 26

c3 = (k13p1 + k23p2 + k33p3) mod 26

This can also expressed in terms of row vectors and matrices.

C = PK mod 26

Where C and P are row vectors of length 3 representing the plaintext and cipher text,

and K is a 3 X 3 matrix representing the encryption key

Key is an invertible matrix K modulo 26, of size m. For example:

Encryption and decryption can give by the following formulae: Hill Cipher

Encryption: C =E (K, P) = PK mod 26

The strength of the Hill cipher is that it completely hides single-letter frequencies.

NETWORK SECURITY 10EC832

Although the Hill ciphers strong against a cipher text-only attack, it easily broke with

a known plaintext attack.

Collect m pair of plaintext-cipher text, where m is the size of the key.

Write the m plaintexts as the rows of a square matrix P of size m.

Write the m cipher texts as the rows of a square matrix C of size m.

We have that C=PK mod 26.

If P is invertible, then K=13-1C mod 26,

If P is not invertible, then collect more plaintext-cipher text pairs until an invertible P

obtained.

Another way to improve on the simple Monoalphabetic technique is to use different

Monoalphabetic substitutions as one proceeds through the plaintext message.

The general name for this approach is polyalphabetic substitution cipher. All these techniques

have the following features in common:

1. A set of related Monoalphabetic substitution rules is used.

2. A key determines which particular rule is chosen for a given transformation.

depending on the key). In this type of cipher, the key determines which particular

substitution to use.

To encrypt a message, a key needed that is as long as the message. Usually, the key a

repeating

We can express the Vigenere cipher in the following manner. Assume a sequence of

plaintext letters P =𝑃0 , 𝑃1 , 𝑃2 ...... 𝑃𝑛−1 and a key consisting of the sequence of letters

K =𝐾0 , 𝐾1 , 𝐾2 … 𝐾𝑚 −1 , where typically m 6 n. The sequence of cipher text letters C =

𝐶0 , 𝐶1 , 𝐶2 … … 𝐶𝑛−1 is calculated as follows:

C = 𝐶0 , 𝐶1 , 𝐶2 … … 𝐶𝑛−1 = E (K, P) = E [(𝐾0 , 𝐾1 , 𝐾2 … 𝐾𝑚 −1 ,), (P =𝑃0 , 𝑃1 ,

𝑃2 ...... 𝑃𝑛 −1 )] = (𝑃0 +𝐾0 , ) mod 26, ( 𝑃1 + 𝐾1 ) mod 26 .......... (𝑃𝑚 −1 +𝐾𝑚 −1 ) mod 26,

(𝑃𝑚 +𝐾0 , ) mod 26, (𝑃𝑚 +1 + 𝐾1 ) mod 26, c, (𝑃2𝑚 −1 + 𝐾𝑚 −1 ) mod 26,........

Thus, the first letter of the key is added to the first letter of the plaintext, mod 26, the

second letters are added, and so on through the first m letters of the plaintext.

NETWORK SECURITY 10EC832

For the next m letters of the plaintext, the key letters are repeated. This process

continues until all of the plaintext sequence is encrypted.

A general equation of the encryption process is

To encrypt a message, a key is needed that is as long as the message. Usually, the key

is a repeating keyword. For example, if the keyword is deceptive, the message “we

are discovered save yourself” is encrypted as

Key: d e c e p t i v e d e c e p t i v e d e c e p t i v e

Plaintext: w e a r e d i s c o v e r e d s a v e y o u r s e l f

Cipher text: Z I C V T W Q N G R Z G V T W A V Z H C Q Y G L M G J

Expressed numerically, we have the following result.

The strength of this cipher is that there are multiple cipher text letters for each plaintext

letter, one for each unique letter of the keyword.

Thus, the letter frequency information obscured, however, not all knowledge of the

plaintext structure lost.

NETWORK SECURITY 10EC832

long as the plaintext and has no statistical relationship to it. Such a system was

introduced by an AT&T engineer named Gilbert Vernam in 1918.

His system works on binary data (bits) rather than letters. The system can be

expressed succinctly as follows (Above figure 3)

The cipher text is generated by performing the bitwise XOR of the plaintext and the

key. Because of the properties of the XOR, decryption simply involves the same

bitwise operation.

7 TRANSPOSITION TECHNIQUES

on the plaintext letters. This technique is referred to as a transposition cipher.

The simplest such cipher is the rail fence technique, in which the plaintext is written

down as a sequence of diagonals and then read off as a sequence of rows. For

example, to encipher the message “meet me after the toga party” with a rail fence of

depth 2, we write the following:

mematrhtgpry

NETWORK SECURITY 10EC832

e tefeteoaat

The encrypted message is

MEMATRHTGPRYETEFETEOAAT

This sort of thing would be trivial to crypt analyze.

A more complex scheme is to write the message in a rectangle, row by row, and read

the message off, column by column, but permute the order of the columns. The order

of the columns then becomes the key to the algorithm. For example,

Thus, in this example, the key is 4312567. To encrypt, start with the column that is

labelled 1, in this case column 3. Write down all the letters in that column. Proceed to

column 4, which is labelled 2, then column 2, then column 1, then columns 5, 6, and 7.

A pure transposition cipher is easily recognized because it has the same letter

frequencies as the original plaintext. For the type of columnar transposition just

shown, cryptanalysis is fairly straightforward and involves laying out the cipher text

in a matrix and playing around with column positions. Diagram and trigram frequency

tables can be useful.

The transposition cipher can be made significantly more secure by performing more

than one stage of transposition. The result is a more complex permutation that is not

easily reconstructed. Thus, if the foregoing message is re-encrypted using the same

algorithm,

To visualize the result of this double transposition, designate the letters in the original

plaintext message by the numbers designating their position. Thus, with 28 letters in the

message, the original sequence of letters is

NETWORK SECURITY 10EC832

Which has a somewhat regular structure. But after the second transposition, we have

DES encrypts 64-bit blocks using a 56-bit key and produces a 64-bit cipher text.

Same steps, with the same key, used to reverse the encryption with the order of the

keys reversed. The DES widely used.

Encryption function has two inputs: the plaintext to be encrypted and the key.

The permuted output then passed through sixteen rounds of the same function, which

involves both permutation and substitution functions. The left and right halves from the

last round swapped to produce pre output.

The pre-output passed through a permutation that is the inverse of the initial permutation

function, to produce the 64-bit cipher text.

Moreover, The 64-bit plaintext passes through an initial permutation (IP) that rearranges

the bits to produce the permuted input.

The right-hand portion of the figure shows the way in which the 56-bit key used.

Initially, the key passed through a permutation function.

Then, a sub key (ki) produced for each of the sixteen rounds by the combination of a left

circular shift and a permutation.

The permutation functions the same for each round, but a different sub key produced

because of the repeated shifts of the key bits.

NETWORK SECURITY 10EC832

8.2 DES Decryption

As with any Feistel cipher, decryption uses the same algorithm as encryption, except

that the application of the sub keys is reversed. Additionally, the initial and final permutations

are reversed.

NETWORK SECURITY 10EC832

The followed criteria need to be taken into account when designing a block cipher:

Number of Rounds: The greater the number of rounds. The more difficult it is to perform

cryptanalysis, even for a weak function. The number of rounds chosen so that efforts required

to crypt analyze it becomes greater than a simple brute-force attack.

Design of Function F: F should be nonlinear and should satisfy strict avalanche criterion

(SAC) and bit independence criterion (BIC).

S-Box Design: S-Box obviously should non-linear and should satisfy SAC, BIC, and

Guaranteed Avalanche criteria. One more obvious characteristic of the S-box is its size.

Larger S-Boxes provide good diffusion but also result in greater look-up tables. Hence,

general size is 8 to 10.

Key schedule Algorithm: With any Feistel block cipher, the key used to generate one sub

key for each round. In general, sub keys should be selected such that it should be deduced sub

keys from one another or main key from the sub key.

A block cipher algorithm is a basic building block for providing data security. to

apply a block cipher in variety of applications.” Modes of operation have been defined by

NIST.

A mode of operation is a technique for enhancing the effect of a cryptographic

algorithm or adapting the algorithm for an application. Such as applying a block cipher to a

sequence of data blocks or a data stream.

Block cipher modes of operation are

1. This is the simplest mode in which plaintext is handled one block at a time and each

block of plaintext is encrypted using the same key.

2. The term codebook is used because, for a given key, there is a unique cipher text for

every -bit block of plaintext.

NETWORK SECURITY 10EC832

3. Therefore, we can imagine a huge codebook in which there is an entry for every possible

b-bit plaintext showing its corresponding cipher text.

4. For a message longer than b bits, the procedure is simply to break the message into b-bit

blocks, padding the last block if necessary.

Decryption is performed one block at a time, always using the same key.

For lengthy messages, ECB mode may be not secure. If the message has repetitive

elements, then these elements can be identified by the analyst.

Thus, the ECB method is ideal for a short amount of data, such as an encryption key.

Lists the following criteria and properties for evaluating and constructing block cipher modes

of operation that are superior to ECB:

Overhead: The additional operations for the encryption and decryption operation when

compared to encrypting and decrypting in the ECB mode.

Error recovery: The property that an error in the ith cipher text block is inherited by

only a few plaintext blocks after which the mode resynchronizes.

NETWORK SECURITY 10EC832

Error propagation: The property that an error in the ith cipher text block is inherited by

the ith and all subsequent plaintext blocks. What is meant here is a bit error that occurs in

the transmission of a cipher text block, not a computational error in the encryption of a

plaintext block.

Diffusion: How the plaintext statistics are reflected in the cipher text. Low entropy

plaintext blocks should not be reflected in the cipher text blocks. Roughly, low entropy

equates to predictability or lack of randomness

Security: Whether or not the cipher text blocks leak information about the plaintext

blocks.

To overcome the security deficiencies of ECB, a technique is needed in which the same

plaintext block, if repeated, produces different cipher text blocks.

NETWORK SECURITY 10EC832

A simple way to satisfy this requirement is the cipher block chaining (CBC) which is

shown in the figure.

In this mode, the input to the encryption algorithm is the X-OR of the current plaintext

block and the preceding cipher text block; the same key is used for each block.

The input to the encryption function for each plaintext block has no fixed relationship to

the plaintext block.

Therefore, repeating patterns will not produce the same cipher text.

The last block is padded to a full b bits if it is a partial block.

For decryption, each cipher block is passed through the decryption algorithm. The result

is X-OR ed with the preceding cipher text block to produce the plaintext block.

The expressions for CBC are: Modes: Operations

Encryption:

Cj = E (K, [Cj-1 Pj])

Decryption:

D (K, Cj) = D (K, E (K, [Cj-1 Pj]))

D (K, Cj) = Cj-1 Pj

Cj-1 D (K, Cj) = Cj-1 Cj-1 Pj = Pj

DES is a block cipher, but it may be used as a stream cipher if the Cipher Feedback Mode

(CFM) or the Output Feedback Mode (OFB) is used. CFB scheme is depicted below.

blocks.

It also can operate in real time.

‘s’ bits the size usually selected by the user, most of the time it 8 bits.

In this case, rather than the block of 64 bits, the plaintext is divided into segments of s

bits.

Encryption: The input to the encryption function a 64-bit shift register that is initially

set to some initialization vector (IV).

The leftmost (most significant) s bits of the output of the encryption function X-ORed

with the first segment of plaintext P1 to produce the first unit of cipher text C1, which

is then transmitted.

NETWORK SECURITY 10EC832

In addition, the contents of the shift register are shifted left by s bits and C1 is placed

in the rightmost s bits of the shift register.

This process continues until all plaintext units have been encrypted.

Decryption: The same scheme used except that the received cipher text unit is X-

ORed with the output of the encryption function to produce the plaintext unit.

The main disadvantage of this scheme is that bit error in one cipher text propagates to

NETWORK SECURITY 10EC832

The output feedback mode is similar in structure to that of CFB.

The difference between CFB and OFB is that in OFB the output of the encryption

function is fed back to the shift register in OFB, whereas in CFB the cipher text is fed

to the shift register.

The other difference is that the OFB mode operates on full blocks of plaintext and

cipher text, not on „s‟ bit subset.

One advantage of the OFB method is that bit errors in transmission do not propagate.

The main disadvantage of OFB is that it is more vulnerable to a message stream

modification attack than CFB

NETWORK SECURITY 10EC832

The only requirement that the counter value must different for each plaintext block that

encrypted.

Typically, the counter initialized to some value and then incremented by 1 for

each subsequent block (modulo 2b, where b the block size)

Counter Mode works as follows:

Encryption: The counter encrypted and then XORed with the plaintext block to produce

the cipher text block; there is no chaining.

Decryption: The same sequence of counter values used. Each encrypted counter X-ORed

with a cipher text block to recover the corresponding plaintext block.

NETWORK SECURITY 10EC832

multiple blocks of plaintext or cipher text. For the chaining modes, the algorithm must

complete the computation on one block before beginning on the next block.

Software efficiency: Similarly, because of the opportunities for parallel execution in

CTR mode, processors that support parallel features, such as aggressive pipelining,

multiple instruction dispatches per clock cycle, the large number of registers can

effectively utilize.

Preprocessing: The execution of the encryption algorithm does not depend on the

input of the plaintext or cipher text. Therefore preprocessing can used to prepare the

output of the encryption boxes which can feed into the X-OR functions when the

plaintext or cipher text input presented.

Random access: The ith block of plaintext or cipher text can process in the random-

access fashion. With the chaining modes, a block cannot compute until i– 1 prior

block computed.

Provable security: It can show that CTR is as secure as the other modes.

Simplicity: CTR mode requires only the implementation of the encryption algorithm

and not the decryption algorithm and has a very simple implementation.

This mode used in ATM (asynchronous transfer mode) and IP Sec (IP security) nowadays.

NETWORK SECURITY 10EC832

AES is a non –Feistel cipher, which means that each transformation or group of

transformation must be invertible. In addition, the cipher and the inverse cipher must use

these operations in such a way that cancel each other. The round keys must also be used in

the reverse order. Two different designs are given to be used for different implementation.

In the original design, the order of transformations in each round is not the same in the cipher

and reverse cipher. Shown in below figure 5.

1st, the order of sub bytes and shift rows is changed in the reverse cipher.

2nd, the order of mix columns and Add round key is changed in the reverse cipher.

This difference in ordering is needed to make each transformation in the cipher

aligned with its inverse in the reverse cipher.

Consequently, the decryption algorithm as a whole is the inverse of the encryption

algorithm.

We have shown only three rounds, but the rest is the same.

Note that the round keys are used in the reverse order.

Note that the encryption and decryption algorithms in the original are not similar.

OR

NETWORK SECURITY 10EC832

Figure 11: cipher and inverse cipher of the original design or AES Encryption and

Decryption

11.2 Alternative design

1. Sub Bytes / shift rows pairs

Sub bytes change the contents of each bytes without changing the order of the

bytes in the state; shift rows change the order of the bytes in the state without

changing the content of the bytes. This implies that we can change the order of

these two transformations in the inverse cipher without affecting the invertibility

of the whole algorithm. Below fig 6 shows the idea.

Note that the combination of two transformations in the cipher and inverse cipher

are the inverse of each other.

NETWORK SECURITY 10EC832

2. Mix columns/Add round key pair

Here the two involved transformations are of different nature.

However, the pairs can become inverse of each if we multiply the key matrix

by the inverse of the constant matrix – used in mix columns transformation.

We call the new transformation InvAddRoundKey. Below fig 7 shows the new

configuration.

It can be proved that the two combinations are now inverses of each other.

In the cipher we call the input state to the combination S and the output state T.

In the inverse cipher the input state to the combination is T.

The following show that the output state is also S.

Not the matrix columns transformation is actually multiplication of the C matrix.

Now we can show the cipher and inverse cipher for the alternate design.

Note that we still need to use two add round key transformations in the

decryption.

In other words, we have nine InvAddRoundKey and two Addroundkey

transformation as shown in below fig8

NETWORK SECURITY 10EC832

Figure 14: cipher and reverse cipher in alternate design or AES Encryption and

Decryption in alternate design

[MAY/JUNE -2010 (06M)], [DEC-2014 / JAN-2015 (8M)]

Figure 9 shows the overall structure of the AES encryption process. The cipher takes a

plaintext block size of 128 bits, or 16 bytes. The key length can be 16, 24, or 32 bytes (128,

192, or 256 bits). The algorithm is referred to as AES-128, AES-192, or AES-256, depending

on the key length.

The input to the encryption and decryption algorithms is a single 128-bit block.

In FIPS PUB 197, this block is depicted as a 4 * 4 square matrix of bytes. This block

is copied into the State array, which is modified at each stage of encryption or

decryption.

After the final stage, State is copied to an output matrix. These operations are

depicted in 10 (a). Similarly, the key is depicted as a square matrix of bytes. This key

is then expanded into an array of key schedule words.

NETWORK SECURITY 10EC832

Figure 10 (b). Shows the expansion for the 128-bit key. Each word is four bytes, and

the total key schedule is 44 words for the 128-bit key. Note that the ordering of bytes

Within a matrix is by column.

So, for example, the first four bytes of a 128-bit plaintext input to the encryption

cipher occupy the first column of the in matrix, the second four bytes occupy the

second column, and so on. Similarly, the first four bytes of the expanded key, which

form a word, occupy the first column of the w matrix.

The cipher consists of N rounds, where the number of rounds depends on the key

length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key and 14 rounds for a

32-byte key (Table 5.1). The first N - 1 round consist of four distinct transformation

NETWORK SECURITY 10EC832

functions: Sub Bytes, Shift Rows, Mix Columns, and Addroundkey, which are

described subsequently.

The final round contains only three transformations, and there is a initial single

transformation (Addroundkey) before the first round, which can be considered Round

0. Each transformation takes one or more 4 X 4 matrices as input and produces a 4 X

4 matrix as output.

Figure 9 shows that the output of each round is a 4 X 4 matrix, with the output of the

final round being the cipher text. Also, the key expansion function generates N + 1

round key, each of which is a distinct 4 X 4 matrix. Each round key serves as one of

the inputs to the Addroundkey transformation in each round.

Figure 2: AES Data Structures

NETWORK SECURITY 10EC832

[DEC-2014 / JAN-2015 (8M)], [JUNE/JULY − 2017 (6M)],[DEC-2013 / JAN-2014 (10M)]

The left and right halves are treted as separate 32-bit quantities, labelled L (left) and R

(right).

The overall processing at each round can be summarized as:

𝐿𝑖 = 𝑅𝑖 -1

𝑅𝑖 = 𝐿𝑖 -1 ⊕ {F (𝑅𝑖 -1,𝑘𝑖 )}

Expansion (E)

The 32-bit input first expanded to 48 bits. o Bits of input split into groups of 4 bits.

NETWORK SECURITY 10EC832

Each group wrote as groups of 6 bits by taking the outer bits from the two adjacent

groups.

For example: … efgh ijkl mnop … is expanded to … defghi hijklm lmnopq …

Substitution (S-Box)

This 48-bit result input to S-Boxes that perform a substitution on input and produces a 32-bit

output.

It is easy to understand S-Box by the following figure:

NETWORK SECURITY 10EC832

Each S-Box takes 6 bits as input and produces 4 bits as output.

The first and last bits of the input to box form a 2-bit binary number which gives the

binary value of row number.

The middle four bits select one of the sixteen columns.

The decimal value in the cell selected by the row and column then converted to its 4-bit

binary number to produce the output.

For example, in S1, for input 101110, the row is 10 (row 2) and the column is 0111

(column 7).The value in row 2, column 7 is 11, so the output is 1011.

Permutation (P)

The result permuted using a permutation table.

Key Generation

A 64-bit key used as input to the algorithm while only 56 bits actually used. Every eighth

bit ignored. Sub-keys at each round generated as given below:

The key first permuted using a table named Permuted Choice One table (6).

The resulting 56-bit key divided into two 28-bit quantities, C0 and D0. At each round, Ci-

1 and Di-1 separately subjected to a circular left shift of 1 or 2 bits, as governed by a table.

Moreover, these shifted values forwarded to the next round. They are also inputting to a

permutation table Permuted Choice Two table (7).

The table produces a 48-bit output that serves as the round key ki.

NETWORK SECURITY 10EC832

14 STREAM CIPHERS AND BLOCK CIPHERS

A. Stream ciphers

A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.

Examples: one time pad

In which the key stream (ki) is as long as the plaintext bit stream (pi).

If the cryptographic key stream is random, then this cipher is unbreakable by any

means other than acquiring the key stream.

However, the key stream must be provided to both users in advance via some

independent and secure channel.

(Figure 13)

Accordingly, for practical reasons, the bit-stream generator must be implemented as an

algorithmic procedure, so that the cryptographic bit stream can be produced by both

users. In this approach (Figure 13), the bit-stream generator is a key-controlled algorithm

and must produce a bit stream that is cryptographically strong. That is, it must be

computationally impractical to predict future portions of the bit stream based on previous

NETWORK SECURITY 10EC832

portions of the bit stream. The two users need only share the generating key, and each can

produce the key stream.

B. Block ciphers

A block cipher is one in which a block of plaintext is treated as a whole and used to

produce a cipher text block of equal length.

Typically, a block size of 64 or 128 bits is used.

As with a stream cipher, the two users share a symmetric encryption key (Figure 14).

Plaintext:227 bytes

Block size: 16bytes

=227/16=14 blocks & 3 bytes

Total block 15 in which last block contain 3 bytes and padding bytes

[JUNE/JULY-2013(8M)]

NETWORK SECURITY 10EC832

0r

Feistel cipher is based on the idea that instead of using Ideal block cipher which degrades

performance, a “substitution-permutation network” can be used.

The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K.

The plaintext block is divided into two halves 𝐿𝑂 and 𝑅𝑂

The two halves of the data pass through rounds of processing and then combine to

produce the cipher text block.

Each round has as inputs 𝐿𝑖−1 and 𝑅𝑖−1 derived from the previous round, as well as a sub

key 𝐾𝑖 derived from the overall K.

Any number of rounds could implement and all rounds have the same structure.

A substitution is performed on the left half of the data. This done by applying around

function F.

The Round Function F: F takes the right-half block of the previous round and a sub key as

input.

The output of the function XORed with the left half of the data.

Dept. of ECE, BGSIT, BG Nagara, Mandya Page 37

NETWORK SECURITY 10EC832

The process of decryption with a Feistel cipher is same as the encryption process.

The cipher text input to the algorithm and the sub keys used in reverse order. That is, sub

key of the last round in encryption used in the first round in decryption, second last in the

second round, and so.

NETWORK SECURITY 10EC832

The exact realization of a Feistel network depends on the choice of the following

parameters:

Block size: Larger block sizes mean greater security but reduced encryption/decryption

speed for a given Traditionally, a block size of 64 bits used which gives enough security

without greatly affecting the speed.

Key size: Larger key size means greater security but may decrease encryption/ decryption

speed. The greater security achieved by greater resistance to brute-force attacks and

greater confusion. Key sizes of 64 bits or less now widely considered to inadequate, and

128 bits has become a common size.

The number of rounds: The essence of the Feistel cipher that a single round offers

inadequate security but that multiple rounds offer increased security. A typical size 16

rounds.

Sub key generation algorithm: Greater complexity in this algorithm leads to greater

difficulty of cryptanalysis

cryptanalysis.

applications implementation (as software). Accordingly, the speed of execution of the

algorithm becomes a concern.

Ease of analysis: Although we would like to make our algorithm as difficult as possible

to crypt analyze, there is a great benefit in making the algorithm easy to analyze. That is

if The algorithm can concisely and clearly explain, it is easier to analyze that algorithm

for cryptanalytic vulnerabilities and therefore develop a high level of assurance as to its

strength.

NETWORK SECURITY 10EC832

With a key length of 56 bits, there are 256 possible keys, which is approximately 7.2

X 1016 keys. Thus, on the face of it, a brute-force attack appears impractical.

Assuming that, on average, half the key space has to be searched, a single machine

performing one DES encryption per microsecond would take more than a thousand

years to break the cipher.

The assumption of one encryption per microsecond is overly conservative. As far

back as 1977, Diffie and Hellman postulated that the technology existed to build a

parallel machine with 1 million encryption devices, each of which could perform one

encryption per microsecond [DIFF77]. This would bring the average search time

down to about 10 hours. The authors estimated that the cost would be about $20

million in 1977 dollars.

Table 9 shows how much time is required for a brute-force attack for various key

sizes. As can be seen, a single PC can break DES in about a year; if multiple PCs

work in parallel, the time is drastically shortened.

Today‟s supercomputers should be able to find a key in about an hour. Key sizes of

128 bits or greater are effectively unbreakable using simply a brute force approach.

Even if we managed to speed up the attacking system by a factor of 1 trillion (1012),

it would still take over 100,000 years to break a code using a 128-bit key.

Another concern is the possibility that cryptanalysis is possible by exploiting the

characteristics of the DES algorithm.

NETWORK SECURITY 10EC832

The focus of concern has been on the eight substitution tables, or S-boxes, that are

used in each iteration. Because the design criteria for these boxes, and indeed for the

entire algorithm, were not made public, there is a suspicion that the boxes were

constructed in such a way that cryptanalysis is possible for an opponent who knows

the weaknesses in the S-boxes. This assertion is tantalizing, and over the years a

number of regularities and unexpected behaviors of the S-boxes have been

discovered. Despite this, no one has so far succeeded in discovering the supposed

fatal weaknesses in the S-boxes.

For most of its life, the prime concern with DES has been its vulnerability to brute-

force attack because of its relatively short (56 bits) key length. However, there has also been

interest in finding cryptanalytic attacks on DES. With the increasing popularity of block

ciphers with longer key lengths, including triple DES, brute-force attacks have become

increasingly impractical. Thus, there has been increased emphasis on cryptanalytic attacks on

DES and other symmetric block ciphers. In this section, we provide a brief overview of the

two most powerful and promising approaches: differential cryptanalysis and linear

cryptanalysis.

Differential Cryptanalysis

cryptanalysis. In this section, we discuss the technique and its applicability to DES.

The differential cryptanalysis attack is complex; [BIHA93] provides a complete

description.

The rationale behind differential cryptanalysis is to observe the behavior of pairs of

text blocks evolving along each round of the cipher, instead of observing the

evolution of a single text block. Here, we provide a brief overview so that you can get

the flavor of the attack.

We begin with a change in notation for DES. Consider the original plaintext

block m to consist of two halves m0, m1.

NETWORK SECURITY 10EC832

Each round of DES maps the right-hand input into the left-hand output and sets the

right-hand output to be a function of the left-hand input and the sub key for this

round. So, at each round, only one new 32-bit block is created.

If we label each new block m1(2 I 17), then the intermediate message halves are

related as follows:

In differential cryptanalysis, we start with two messages, m and m', with a known XOR

difference m = m m' and consider the difference b/w the intermediate message

halves: 𝑚𝑖 = 𝑚𝑖 𝑚𝑖+1

′

. then we have

Now, suppose that many pairs of inputs to f with the same difference yield the same

output difference if the same sub key is used. To put this more precisely, let us say

that X may cause Y with probability p, if for a fraction p of the pairs in which the

input XOR is X, the output XOR equals Y.

We want to suppose that there are a number of values of X that have high probability

of causing a particular output difference. Therefore, if we know Dmi-1 and Dmi with

high probability, then we know Dmi+1 with high probability.

Furthermore, if a number of such differences are determined, it is feasible to

determine the sub key used in the function f.

The overall strategy of differential cryptanalysis is based on these considerations for a

single round.

The procedure is to begin with two plaintext messages m and m' with a given

difference and trace through a probable pattern of differences after each round to yield

a probable difference for the cipher text.

there are two probable patterns of differences for the two 32-bit halves: (m17||m16).

Next, we submit m and m' for encryption to determine the actual difference under the

unknown key and compare the result to the probable difference. If there is a match,

NETWORK SECURITY 10EC832

Then we suspect that all the probable patterns at all the intermediate rounds are

correct. With that assumption, we can make some deductions about the key bits. This

procedure must be repeated many times to determine all the key bits.

hexadecimal)

NETWORK SECURITY 10EC832

through three rounds of DES. The probabilities shown on the right refer to the probability that

a given set of intermediate differences will appear as a function of the input differences.

Overall, after three rounds the probability that the output difference is as shown is equal to

0.25 x 1 x 0.25 = 0.0625.

Linear Cryptanalysis

based on finding linear approximations to describe the transformations performed in DES.

This method can find a DES key given 243 known plaintexts, as compared to 247 chosen

plaintexts for differential cryptanalysis. Although this is a minor improvement, because it

may be easier to acquire known plaintext rather than chosen plaintext, it still leaves linear

cryptanalysis infeasible as an attack on DES. So far, little work has been done by other

groups to validate the linear cryptanalytic approach.

We now give a brief summary of the principle on which linear cryptanalysis is based. For a

cipher with n-bit plaintext and cipher text blocks and an m-bit key, let the plaintext block be

labelled P[1], ... P[n], the cipher text block C[1], ... C[n], and the key K[1], ... K[m]. Then

define

The objective of linear cryptanalysis is to find an effective linear equation of the form:

This gives us a linear equation on the key bits. Try to get more such relations so that we can

solve for the key bits. Because we are dealing with linear equations, the problem can be

approached one round of the cipher at a time, with the results combined.

NETWORK SECURITY 10EC832

The key used to encrypt and decrypt a single message and then discarded. Each new

message requires a new key of the same length as the new message.

This scheme is unbreakable.

It produces random output that bears no statistical relationship to the plaintext.

Because the cipher text contains no information whatsoever about the plaintext, there is

simply no way to break the code.

For any plaintext of equal length to the cipher text, there is a key that produces that

plaintext.

Therefore, if you did an exhaustive search of all possible keys, you would end up with

many legible plaintexts, with no way of knowing which the intended plaintext was.

Therefore, the code is unbreakable.

The security of the one-time pad is entirely due to the randomness of the key.

The one-time pad offers complete security but, in practice, has two fundamental

difficulties:

1. There is the practical problem of making large quantities of random keys. Any heavily

used system might require millions of random characters on a regular basis.

Supplying truly random characters in this volume is a significant task.

2. Another problem is that of key distribution and protection. For every message to sent,

a key of equal length needed by both sender and receiver.

Because of these difficulties, the one-time pad used where very high security required.

The one-time pad is the only cryptosystem that exhibits perfect secrecy.

The steganography comes from Greek words, steganos in Greek meaning “hidden” or

“covered” and graphic in Greek meaning “writing”. Steganography is the invisible

communication.

NETWORK SECURITY 10EC832

The main idea of steganography is to hide secret messages in the other cover digital

Medias such as a text, video, and audio, image etc. show that someone or hacker or other

person cannot know the presence of the secret information.

There are three basic types of steganography

a. Pure or Stegano-graphy.

b. secret key Stegano-graphy.

c. Public key Stegano-graphy.

a. Pure-steganography: is embedding the secret information or message into the thing (item)

without using any private keys. Pure Stegano-graphy is entirely depends upon secrecy. In this

steganography uses a cover image in which information is to be embedded.

Pure Stego cannot give the better security because of it will be not difficult for Extracting the

information, if the hacker know the embedding technique.

Advantage - It decreases the difficulty in key sharing.

Secret key steganography: in this technique uses the individual key for combine the

Information into The thing (item), so this will be similar to symmetric key. For a Decryption

it will be uses the same-key, which will be utilized to encryption.

Advantage - Mystery-key Stego gives high security compare to pure-Stego.

NETWORK SECURITY 10EC832

1) Encryption

2) Decryption

Encryption used for private - key and Decryption used for public- key & it is saved in a

public database.

Applications

Protect of data alteration.

Access control system for digital content distribution.

Usage in modern printers

Alleged use by terrorists.

Alleged use by intelligence services etc.

Advantages

It is used in the way of hiding not the information but the password to reach that

information.

Difficult to detect. Only receiver can detect.

Can be applied differently in digital image, sound, audio and video file.

NETWORK SECURITY 10EC832

The overall structure of the simplified DES. The S-DES encryption algorithm takes an

8-bit block of plaintext (example: 10111101) and a 10-bit key as input and produces an 8-bit

block of cipher text as output. The S-DES decryption algorithm takes an 8-bit block of cipher

text and the same 10-bit key used to produce that cipher text as input and produces the

original 8-bit block of plaintext.

The encryption algorithm involves five functions: an initial permutation (IP); a

complex function labelled fk, which involves both permutation and substitution operations

and depends on a key input ;a simple permutation function that switches (SW) the two halves

NETWORK SECURITY 10EC832

of the data; the function fk again; and finally a permutation function that is the inverse of the

initial permutation( I𝑃 −1 ) .

The function fk takes as input not only the data passing through the encryption

algorithm, but also an 8-bit key. Here a 10-bit key is used from which two 8-bit sub keys are

generated. The key is first subjected to a permutation (P10). Then a shift operation is

performed. The output of the shift operation then passes through a permutation function that

produces an 8-bit output (P8) for the first sub key (K1). The output of the shift operation also

feeds into another shift and another instance of P8 to produce the second sub key (K2).

Where

Decryption is also shown in above fig25 and is essentially the reverse of encryption:

S-DES depends on the use of a 10-bit key shared between sender and receiver. From

this key, two 8-bit sub keys are produced for use in particular stages of the encryption and

decryption algorithm.

First, permute the key in the following fashion. Let the 10-bit key be designated as

(k1, K2, k3, k4, k5, k6, k7, k8, k9, k10). Then the permutation P10 is defined as:

P10 (k1, K2, k3, k4, k5, k6, k7, k8, k9, k10) = (k3, k5, K2, k7, k4, k10 10, k1, k9, k8, k6)

P10 can be concisely defined by the display:

NETWORK SECURITY 10EC832

This table is read from left to right; each position in the table gives the identity of the

input bit that produces the output bit in that position. So the first output bit is bit 3 of the

input; the second output bit is bit 5 of the input, and so on. For example, the key

(1010000010) is permuted to (10000 01100). Next, perform a circular left shift (LS-1), or

rotation, separately on the first five bits and the second five bits. In our example, the result is

(00001 11000). Next we apply P8, which picks out and permutes 8 of the 10 bits according to

the following rule:

The result is sub key 1 (K1). In our example, this yields (10100100). We then go back to the

pair of 5-bit strings produced by the two LS-1 functions and performs a circular left shift of 2

bit positions on each string. In our example, the value (00001 11000) becomes (00100

00011). Finally, P8 is applied again to produce K2. In our example, the result is (01000011).

NETWORK SECURITY 10EC832

23 S-DES ENCRYPTION

Encryption involves the sequential application of five functions.

The input to the algorithm is an 8-bit block of plaintext, which we first permute using

the IP function:

NETWORK SECURITY 10EC832

This retains all 8 bits of the plaintext but mixes them up.

The Function fk

The most complex component of S-DES is the function fk, which consists of a

combination of permutation and substitution functions. The functions can be expressed as

follows. Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit input to fk, and let

F be a mapping (not necessarily one to one) from 4-bit strings to 4-bit strings. Then we let

We now describe the mapping F. The input is a 4-bit number (n1 n2 n3 n4). The first

operation is an expansion/permutation operation:

e.g., R= 1101

NETWORK SECURITY 10EC832

The 8-bit sub key K1 = (k11, k12 12, k13 13, k14 14, k15 15, k16 16, k17 17, k18) is added

to this value using exclusive-OR:

The first 4 bits (first row of the preceding matrix) are fed into the S-box S0 to produce a 2- bit

output, and the remaining 4 bits (second row) are fed into S1 to produce another 2-bit output.

These two boxes are defined as follows:

The S-boxes operate as follows. The first and fourth input bits are treated as a 2-bit number

that specify a row of the S-box, and the second and third input bits specify a column of the S-

box. The entry in that row and column, in base 2, is the 2-bit output. For example, if

(p0,0 p0,3) = ) (00) and ( p0,1 p0,2) = (10), then the output is from row 0, column 2 of S0,

which is 3, or (11) in ) binary. Similarly, (p1,0 p1,3) and ( p1,1p1,2) are used to index into a

row and column of S1 to produce an additional 2 bits. Next, the 4 bits produced by S0 and S1

undergo a further permutation as follows:

NETWORK SECURITY 10EC832

UNIT-2

MAY/JUNE 2010

1. In S-DES, 10-bit key is “1010000010”.find the sub keys K1 and K2. If

𝑃10 = 3 5 2 7 4 10 1 9 8 6

𝑃8 = 6 3 7 4 8 5 10 9. [MAY/JUNE -2010 (06M)]

2. With a neat diagram, explain the single round of DEC encryption. [MAY/JUNE -2010

(08M)]

3. Discuss the evaluation criteria of AES. [MAY/JUNE -2010 (06M)]

7 8

4. Encrypt the plain text “SECURITY” using Hill cipher with the key . [MAY/JUNE -

19 3

2010 (08M)]

DEC – 2010

1. Encrypt the message “we will meet tomorrow” using Playfair cipher with a key “STORY”.

Give the rules for encryption. [DEC-2010(10M)]

2. With a schematic diagram, explain the S-DES encryption and decryption process,

highlighting the key generation phase. [DEC-2010(10M)]

3. Explain the counter mode of block cipher. What are its advantages? [DEC-2010(10M)]

𝐉𝐔𝐍𝐄/𝐉𝐔𝐋𝐘 − 𝟐𝟎𝟏𝟏

9 4

1. Encrypt the plain text “MONDAY” using Hill cipher with the key . Show your

5 7

calculation and cipher text. [Hint: a=0, b=1 …… z = 25] [JUNE/JULY − 2011(8M)]

2. Draw the single round of DES algorithm and explain the process. [JUNE/JULY −

2011(10M)]

3. Describe the block cipher modes of operation in details. [JUNE/JULY − 2011(10M)]

DEC-2011

1. Explain block cipher design principles. [DEC-2011(8M)]

2. In S-DES, the plain text is 11110010 and key is 1011100110. Find cipher text. [DEC-

2011(8M)]

3. Explain the strength of DES. [DEC-2011(4M)]

JUNE-2012

1. Explain the operation of Caesar cipher with an algorithm. Derive the cipher with an

algorithm. Derive the cipher text using caser cipher for the following plain text message

“WORK IS WORSHIP”. [JUNE-2012 -6M]

NETWORK SECURITY 10EC832

2. with a block diagram. Explain Feistel encryption and decryption algorithm. [JUNE-2012 -

10M]

3. Write a note on one-time pad. [JUNE-2012 -4M]

4. With a block diagram, explain DES encryption and key generation technique. [[JUNE-

2012 -10M]

DEC-2012

1. With a neat diagram, explain the single round DES encryption. [DEC-2012(10M)]

94

2. Encrypt the plaintext “CRYPTOGRAPHY” using Hill cipher technique. Key K= .

57

[DEC-2012(10M)]

JUNE/JULY-2013

1. Explain the working of the Playfair cipher with an example. [JUNE/JULY-2013(10M)]

2. Distinguish block cipher and stream cipher with examples. [JUNE/JULY-2013(8M)]

3. Explain block cipher design principles. [JUNE/JULY-2013(8M)]

4. Briefly describe about steganography. [JUNE/JULY-2013(4M)]

DEC-2013 / JAN-2014

1. Define the terms cryptography and steganography.[ DEC-2013 / JAN-2014 (4M)]

6 24 1

2. Encrypt the message “ACT” using the Hill Cipher key K= 13 16 10 . And also the

20 17 15

calculations for the corresponding decryption of the cipher text to recover original plain text

8 5 10

𝐾 −1 = 21 8 21 . [DEC-2013 / JAN-2014 (10M)]

21 12 8

3. With the help of a block diagram, explain the overall structure of the S-DES. Explain the

role of sub key generation with suitable analysis. [DEC-2013 / JAN-2014 (10M)]

DEC-2014/JAN-2015

7 8

1. Encrypt the plain text “Hard work” using hill cipher with the key . [DEC -

19 3

2014/JAN-2015 (8M)]

2. With a neat diagram, explain the single round of DEC encryption. [DEC-2014 / JAN-2015

(8M)]

3. In S-DES 10 bit key is 1000100010. Find the sub key K1 and K2 if

𝑃10 = 3 5 2 7 4 10 1 9 8 6

𝑃8 = 6 3 7 4 8 5 10 9. [DEC-2014/JAN-2015 (8M)]

NETWORK SECURITY 10EC832

DEC-2015/JAN-2016

1. Encrypt the message “ELECTRONICS” using Playfair cipher with a key “INDIA”, also

give the rules for encryption. [DEC-2015/JAN-2016 (10M)]

5 8

2. Encrypt the plain text “HAND” using hill cipher with the key = . Also decrypt it and

17 3

verify the encryption and decryption text. [DEC-2015/JAN-2016 (10M)]

3. In S-DES, 10-bit key is “1010000010”.find the sub keys K1 and K2. If

𝑃10 = 3 5 2 7 4 10 1 9 8 6

𝑃8 = 6 3 7 4 8 5 10 9. [DEC-2015/JAN-2016 (10M)]

𝐉𝐔𝐍𝐄/𝐉𝐔𝐋𝐘 − 𝟐𝟎𝟏𝟕

1. Encrypt the plain text “HELLO” Using the play fair cipher with the key “EXAM”. [JUNE/

JULY − 2017 (8M)]

2. Explain the operation of caser cipher with an algorithm. Derive the cipher text using caser

cipher for the following plain text message with key length K=3, “logic”. [JUNE/JULY −

2017 (6M)]

3. Explain the single round of DES – encryption model. [JUNE/JULY − 2017 (6M)]

## Much more than documents.

Discover everything Scribd has to offer, including books and audiobooks from major publishers.

Cancel anytime.