
NET3106 – Network Security

Lecturer:
Houshyar Honar Pajooh
Room Number : AE-3-28 (University Building - East)
Email: houshyarh@sunway.edu.my

Sunway University | NET3106 Network Security | Houshyar Honar Pajooh | Aug 2022
SENSITIVE
NET3106 – Network Security
WEEK (5)

Symmetric Encryption (2)

Learning Objectives

✓ Advanced Encryption Standard (AES)
✓ Random Numbers
✓ Stream Cipher
✓ RC4

Advanced Encryption Standard (AES)
• AES was introduced to replace DES (very slow and only a 64-bit block size).
• It has a block size of 128 bits and key sizes of 128, 192, and 256 bits.
• NIST won praise from the cryptographic community for the openness of the standards process (call for proposals - 1997).
Advanced Encryption Standard (AES)…
• An iterative rather than Feistel cipher
• Processes data as a block of 4 columns of 4 bytes
• Operates on the entire data block in every round
• 6 times faster than DES
• No attack has succeeded yet
• Designed for:
  • resistance against known attacks
  • speed and code compactness on many CPUs
  • design simplicity

AES Operation
• The data block of 4 columns of 4 bytes is called the state
• Four different stages are used, one of substitution and three of permutation (except the last round):
  • byte substitution (1 S-box - used on every byte)
  • shift rows (3 P-box - permute bytes between groups/columns)
  • mix columns (substitution using matrix multiplication of groups)
  • add round key (XOR state with key material)
• Only the Add Round Key stage makes use of the key
• Has 9/11/13 rounds
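The four stages applied in order to one 4-column state, as an added Python example that is not part of the original slides. Function names are my own, and the sample state and round key are the round 1 values from the FIPS-197 Appendix B walkthrough.

```python
def xtime(a):
    """Multiply by 2 in GF(2^8), reducing by the AES polynomial 0x11B."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Multiply two bytes in GF(2^8) (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _sbox_entry(x):
    """S-box value: inverse in GF(2^8) followed by a fixed affine map."""
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    r = inv
    for k in range(1, 5):
        r ^= ((inv << k) | (inv >> (8 - k))) & 0xFF  # XOR of left rotations
    return r ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

# The state is a list of 4 columns, each a list of 4 bytes.
def sub_bytes(s):
    return [[SBOX[b] for b in col] for col in s]

def shift_rows(s):
    # Row r rotates left by r positions, moving bytes between columns.
    return [[s[(c + r) % 4][r] for r in range(4)] for c in range(4)]

def mix_columns(s):
    m = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
    return [[gmul(m[r][0], col[0]) ^ gmul(m[r][1], col[1]) ^
             gmul(m[r][2], col[2]) ^ gmul(m[r][3], col[3]) for r in range(4)]
            for col in s]

def add_round_key(s, rk):
    # The only stage that uses key material.
    return [[b ^ k for b, k in zip(col, kcol)] for col, kcol in zip(s, rk)]

def aes_round(s, rk):
    return add_round_key(mix_columns(shift_rows(sub_bytes(s))), rk)

def to_state(hexstr):
    raw = bytes.fromhex(hexstr)
    return [list(raw[4 * c:4 * c + 4]) for c in range(4)]

STATE_IN = to_state("193de3bea0f4e22b9ac68d2ae9f84808")     # start of round 1
ROUND_KEY_1 = to_state("a0fafe1788542cb123a339392a6c7605")  # round key 1
STATE_OUT = aes_round(STATE_IN, ROUND_KEY_1)
```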
AES Operation (one round)

AES Operation (N rounds)

AES Structure

Random Numbers
Many uses of random numbers in cryptography:

◦ Generation of keys for RSA public-key encryption (asymmetric encryption)
◦ Generation of the stream key for a symmetric stream cipher
◦ Generation of a symmetric key as a temporary session key
◦ In key distribution scenarios (Kerberos, to prevent replay attacks)

In all cases it is critical that these values have:

◦ Unpredictability (statistically random)
◦ Randomness (uniform distribution (same frequency of zeros and ones), independence)

Pseudorandom Number Generators
Often use deterministic algorithmic techniques to create random numbers.

◦ Not truly random
◦ But it can pass many tests of randomness
◦ Known as pseudorandom numbers

Created by Pseudorandom Number Generators (PRNGs).

Pseudorandom Number Generators
True random number generator (TRNG): input is a random value (system time).
Pseudorandom number generator (PRNG): input is a fixed value + feedback.
Pseudorandom function (PRF): input is a fixed value + feedback + specific value (e.g. user ID).

Stream Cipher
A block cipher processes one block of elements at a time.

A stream cipher processes the input elements (1 bit, or one unit larger than 1 byte) continuously.

RC4 is the most popular symmetric stream cipher.

Stream Cipher Structure

Stream Cipher Structure…
The key is input to a pseudorandom byte generator.
The key is unpredictable.
The output of the pseudorandom byte generator is called the keystream.
The keystream is combined with the plaintext stream using XOR.
E.g.:
Encryption: 11001100 (plaintext) XOR 01101100 (keystream) = 10100000 (ciphertext)
Decryption: 10100000 (ciphertext) XOR 01101100 (keystream) = 11001100 (plaintext)

Stream Cipher Properties
Some design considerations are:

◦ long period with no repetitions
◦ statistically random
◦ depends on large enough key, e.g. 128 bits

Properly designed, can be as secure as a block cipher with the same size key
But usually simpler & faster
Data communication channel and web: stream cipher
File transferring, email and database: block cipher

RC4
It is a stream cipher.
◦ Encrypts one byte at a time
◦ Almost random number: the period of the cipher is greater than 10^100
◦ Can be used as a random number generator
◦ Very fast and simple
◦ Popular method, used in WEP, WPA and SSL

RC4 generates a pseudorandom stream of bits (a keystream) which, for encryption/decryption, is combined with the plaintext using XOR
◦ Key size 40~256 bits (5 to 32 bytes)
◦ Inputs: Key and Data
◦ Output: Unique keystream of data (PRGA) equal to the length of the input data

RC4 Structure
Contains the Key Scheduling Algorithm (KSA) and Pseudorandom Generation Algorithm (PRGA) steps:

RC4…
Key Scheduling Algorithm (KSA):

◦ A variable-length key, between 40 and 256 bits, is used to initialize the 256-byte state vector (S) (permutation)

Pseudorandom Generation Algorithm (PRGA):

◦ To generate the keystream

RC4…
The steps for the RC4 encryption algorithm are as follows:

◦ Get the data to be encrypted and the selected key.
◦ Create two string arrays.
◦ Initiate one array with numbers from 0 to 255.
◦ Fill the other array with the selected key.
◦ Randomize the first array depending on the array of the key.
◦ Randomize the first array within itself to generate the final key stream.
◦ XOR the final key stream with the data to be encrypted to give the cipher text.
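The KSA and PRGA steps listed above, written out as an added Python example that is not part of the original slides. The key and plaintext are constructed sample values, and the 5 to 32 byte key check follows the key size given on the earlier RC4 slide.

```python
def ksa(key):
    """Key Scheduling Algorithm: build the key-dependent permutation S."""
    if not 5 <= len(key) <= 32:
        raise ValueError("key must be 5 to 32 bytes (40 to 256 bits)")
    S = list(range(256))                          # first array: 0..255
    K = [key[i % len(key)] for i in range(256)]   # second array: key, repeated
    j = 0
    for i in range(256):                          # randomize S using the key array
        j = (j + S[i] + K[i]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def prga(S, n):
    """Pseudorandom Generation Algorithm: emit n keystream bytes from S."""
    S = S.copy()                                  # leave the caller's state intact
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # randomize S within itself
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def rc4(key, data):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    keystream = prga(ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, keystream))

# Constructed sample input.
KEY = b"Secret"
PLAINTEXT = b"Attack at dawn"

if __name__ == "__main__":
    ciphertext = rc4(KEY, PLAINTEXT)
    print("keystream :", prga(ksa(KEY), 8).hex())
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", rc4(KEY, ciphertext))
```

Encrypting two messages with the same key reuses the same keystream, so XORing the two ciphertexts cancels it and leaves the XOR of the two plaintexts. RC4 cipher suites are prohibited in TLS by RFC 7465, so this is a teaching implementation only.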

RC4 Example

01010001
&
01000001
