Unit - 2
Symmetric key algorithms -
In today’s cyber-world there is an ever-present risk of unauthorized access to all forms of data. Most at
risk is financial and payment system data that can expose the personally identifiable information (PII)
or payment card details of customers and clients. Encryption is crucial for protecting PII and mitigating
the risks that businesses, which conduct payment transactions, face every minute of every day.
This article talks about symmetric encryption in banking, its advantages and some challenges of
managing the keys.
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt
and decrypt electronic data. The entities communicating via symmetric encryption must exchange the
key so that it can be used in the decryption process. This encryption method differs from asymmetric
encryption where a pair of keys - one public and one private - is used to encrypt and decrypt messages.
By using symmetric encryption algorithms, data is "scrambled" so that it can't be understood by anyone
who does not possess the secret key to decrypt it. Once the intended recipient who possesses the key
has the message, the algorithm reverses its action so that the message is returned to its original readable
form. The secret key that the sender and recipient both use could be a specific password/code or it can
be a random string of letters or numbers that has been generated by a secure random number generator
(RNG). For banking-grade encryption, the symmetric keys must be created using an RNG that is
certified according to industry standards, such as FIPS 140-2.
---Block algorithms. Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits
for complete blocks.
---Stream algorithms. Data is encrypted as it streams instead of being retained in the system’s
memory.
AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is a stream cipher.
DES
In “modern” computing, DES was the first standardized cipher for securing electronic communications,
and it is still used in variations (e.g. 2-key or 3-key 3DES). The original DES is no longer used because
it is considered too “weak” given the processing power of modern computers. Even 3DES is not
recommended by NIST and PCI DSS 3.2, and neither is any other 64-bit cipher. However, 3DES is still
widely used in EMV chip cards because of legacy applications that do not have a crypto-agile infrastructure.
AES
The most commonly used symmetric algorithm is the Advanced Encryption Standard (AES), which
was originally known as Rijndael. This is the standard set by the U.S. National Institute of Standards
and Technology in 2001 for the encryption of electronic data announced in U.S. FIPS PUB 197. This
standard supersedes DES, which had been in use since 1977. Under NIST, the AES cipher has a block
size of 128 bits, but can have three different key lengths as shown with AES-128, AES-192 and AES-
256.
While symmetric encryption is an older method of encryption, it is faster and more efficient than
asymmetric encryption, which takes a toll on networks due to performance issues with data size and
heavy CPU use. Due to the better performance and faster speed of symmetric encryption (compared to
asymmetric), symmetric cryptography is typically used for bulk encryption / encrypting large amounts
of data, e.g. for database encryption. In the case of a database, the secret key might only be available to
the database itself to encrypt or decrypt. Industry standard symmetric encryption is also less vulnerable
to advances in quantum computing compared to the current standards for asymmetric algorithms (at
the time of writing).
Payment applications, such as card transactions where PII needs to be protected to prevent identity
theft or fraudulent charges
Validations to confirm that the sender of a message is who he claims to be
Unfortunately, symmetric encryption does come with its own drawbacks. Its weakest point is its aspects
of key management, including:
Key Exhaustion
Symmetric Encryption suffers from behavior where every use of a key ‘leaks’ some information that
can potentially be used by an attacker to reconstruct the key. The defenses against this behavior include
using a key hierarchy to ensure that master or key-encryption keys are not over-used and the
appropriate rotation of keys that do encrypt volumes of data. To be tractable, both these solutions
require competent key-management strategies, because if (for example) a retired encryption key cannot
be recovered, the data is potentially lost.
Attribution data
Unlike asymmetric (public-key) Certificates, symmetric keys do not have embedded metadata to record
information such as expiry date or an Access Control List to indicate the use the key may be put to - to
Encrypt but not Decrypt for example.
The latter issue is somewhat addressed by standards such as ANSI X9-31 where a key can be bound to
information prescribing its usage. But for full control over what a key can be used for and when it can
be used, a key-management system is required.
Where only a few keys are involved in a scheme (tens to low hundreds), the management overhead is
modest and can be handled through manual, human activity. However, with a large estate, tracking the
expiration and arranging rotation of keys quickly becomes impractical.
Consider an EMV payment card deployment: millions of cards multiplied by several keys-per-card
requires a dedicated provision and key-management system.
Conclusion
Maintaining large-scale symmetric encryption systems is a very challenging task. This is especially true
when we want to achieve banking-grade security and auditability when the corporate and/or IT
architecture is decentralized / geographically distributed.
In order to do this properly, it is recommended to use special software to maintain the proper life-cycle
for each key created. In instances of massive key enrollment, it is truly impossible to conduct key
management manually. We need specialized key life-cycle management software for it.
Quantum computing is expected to materialize within the next 5-10 years. Already today, NIST advises
replacing the widely used 3DES algorithm with algorithms which we consider to be safer, based
on today's knowledge.
Not knowing what progress in technology, and hence in the evolution of malicious decryption algorithms,
may be, we strongly advise banks to migrate to a crypto-agile setup. Such a setup makes it possible to
rapidly replace algorithms, when weaknesses are detected, with algorithms which are considered to be
more secure. Investment and architecture decisions need to be taken now, to avoid major damage in the
forthcoming years.
Symmetric Algorithm
The symmetric algorithm is explained below in stepwise manner −
Step 1 − A symmetric algorithm is also referred to as a secret key algorithm. For encrypting and
decrypting data, the same key is used on both sides, which makes the algorithm faster and simpler.
Step 2 − Both the sender and the receiver must use the same key for encryption and decryption.
That is, with the help of the public key the plain text is converted into cipher text and sent from
the source to the destination, and the same key that was used by the sender must be used by the
receiver for decrypting the cipher text into the plaintext.
Step 3 − So for decrypting and encrypting data, both the sender and the receiver must know about
the public key which is referred to as a secret key.
Step 4 − Stream Ciphers always work on one bit at a time. For encrypting data the same key is
used in stream cipher.
Step 5 − Block Ciphers always work on one block at a time. In stream cipher, for encrypting a
block of data a different key is used.
Step 1 − In the Public key algorithm, separate keys are used for data encryption and data
decryption, which makes it more complex.
Step 2 − It normally uses one key for data encryption from the plaintext and sent to the destination.
Step 3 − At the receiver side, the receiver uses another key separately for decrypting the encrypted
data to the plaintext. So, here two has been separated by both the source and destination which
cannot be identified by the parties.
Since DES is based on the Feistel Cipher, all that is required to specify DES is −
Round function
Key schedule
Any additional processing − Initial and final permutation
Round Function
The heart of this cipher is the DES function, f. The DES function applies a 48-bit key to the
rightmost 32 bits to produce a 32-bit output.
Expansion Permutation Box − Since right input is 32-bit and round key is a 48-bit, we first
need to expand right input to 48 bits. Permutation logic is graphically depicted in the following
illustration −
The graphically depicted permutation logic is generally described as table in DES specification
illustrated as shown −
XOR (Whitener). − After the expansion permutation, DES does XOR operation on the
expanded right section and the round key. The round key is used only in this operation.
Substitution Boxes. − The S-boxes carry out the real mixing (confusion). DES uses 8 S-boxes,
each with a 6-bit input and a 4-bit output. Refer the following illustration −
Key Generation
The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. The process of key
generation is depicted in the following illustration −
The logic for Parity drop, shifting, and Compression P-box is given in the DES description.
DES Analysis
The DES satisfies both the desired properties of block cipher. These two properties make cipher
very strong.
Avalanche effect − A small change in plaintext results in the very great change in the ciphertext.
Completeness − Each bit of ciphertext depends on many bits of plaintext.
During the last few years, cryptanalysts have found some weaknesses in DES when the keys selected
are weak keys. These keys shall be avoided.
DES has proved to be a very well designed block cipher. There have been no significant
cryptanalytic attacks on DES other than exhaustive key search.
The more popular and widely adopted symmetric encryption algorithm likely to be encountered
nowadays is the Advanced Encryption Standard (AES). It is found to be at least six times
faster than triple DES.
A replacement for DES was needed as its key size was too small. With increasing computing
power, it was considered vulnerable against exhaustive key search attack. Triple DES was designed
to overcome this drawback but it was found slow.
The features of AES are as follows −
Symmetric key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger and faster than Triple-DES
Provide full specification and design details
Software implementable in C and Java
Operation of AES
AES is an iterative rather than Feistel cipher. It is based on a ‘substitution–permutation network’. It
comprises a series of linked operations, some of which involve replacing inputs by specific
outputs (substitutions) and others involve shuffling bits around (permutations).
Interestingly, AES performs all its computations on bytes rather than bits. Hence, AES treats the
128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows
for processing as a matrix −
Unlike DES, the number of rounds in AES is variable and depends on the length of the key. AES
uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys. Each of
these rounds uses a different 128-bit round key, which is calculated from the original AES key.
The schematic of AES structure is given in the following illustration −
Encryption Process
Here, we restrict ourselves to the description of a typical round of AES encryption. Each round
comprises four sub-processes. The first round process is depicted below −
Byte Substitution (SubBytes)
The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is
in a matrix of four rows and four columns.
Shiftrows
Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on
the right side of row. Shift is carried out as follows −
First row is not shifted.
Second row is shifted one (byte) position to the left.
Third row is shifted two positions to the left.
Fourth row is shifted three positions to the left.
The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
MixColumns
Each column of four bytes is now transformed using a special mathematical function. This function
takes as input the four bytes of one column and outputs four completely new bytes, which replace
the original column. The result is another new matrix consisting of 16 new bytes. It should be noted
that this step is not performed in the last round.
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and are XORed to the 128 bits of the
round key. If this is the last round then the output is the ciphertext. Otherwise, the resulting 128 bits
are interpreted as 16 bytes and we begin another similar round.
Decryption Process
The process of decryption of an AES ciphertext is similar to the encryption process in the reverse
order. Each round consists of the four processes conducted in the reverse order −
AES Analysis
In present day cryptography, AES is widely adopted and supported in both hardware and software.
Till date, no practical cryptanalytic attacks against AES have been discovered. Additionally, AES has
built-in flexibility of key length, which allows a degree of ‘future-proofing’ against progress in the
ability to perform exhaustive key searches.
However, just as for DES, the AES security is assured only if it is correctly implemented and good
key management is employed.
Asymmetric cryptography
What is asymmetric cryptography?
Asymmetric cryptography, also known as public-key cryptography, is a process that uses a
pair of related keys -- one public key and one private key -- to encrypt and
decrypt a message and protect it from unauthorized access or use.
A public key is a cryptographic key that can be used by any person to
encrypt a message so that it can only be decrypted by the intended
recipient with their private key. A private key -- also known as a
secret key -- is shared only with the key's initiator.
When someone wants to send an encrypted message, they can pull the intended
recipient's public key from a public directory and use it to encrypt the message
before sending it. The recipient of the message can then decrypt the
message using their related private key.
If the sender encrypts the message using their private key, the message can be decrypted
only using that sender's public key, thus authenticating the sender. These encryption and
decryption processes happen automatically; users do not need to physically lock and
unlock the message.
Many protocols rely on asymmetric cryptography, including the transport layer security (TLS)
and secure sockets layer (SSL) protocols, which make HTTPS possible.
The encryption process is also used in software programs that need to establish a secure
connection over an insecure network, such as browsers over the internet, or that need to
validate a digital signature.
Increased data security is the primary benefit of asymmetric cryptography. It is the most
secure encryption process because users are never required to reveal or share their private
keys, thus decreasing the chances of a cybercriminal discovering a user's private key during
transmission.
Asymmetric encryption uses a mathematically related pair of keys for encryption and
decryption: a public key and a private key. If the public key is used for encryption, then the
related private key is used for decryption. If the private key is used for encryption, then the
related public key is used for decryption.
The two participants in the asymmetric encryption workflow are the sender and the receiver.
Each has its own pair of public and private keys. First, the sender obtains the receiver's
public key. Next, the plaintext message is encrypted by the sender using the receiver's public
key. This creates ciphertext. The ciphertext is sent to the receiver, who decrypts it with their
private key, returning it to legible plaintext.
Because of the one-way nature of the encryption function, one sender is unable to read the
messages of another sender, even though each has the public key of the receiver.
Encrypted email. A public key can be used to encrypt a message and a private key can
be used to decrypt it.
SSL/TLS. Establishing encrypted links between websites and browsers also makes use of
asymmetric encryption.
In the case of the Bitcoin ledger, each unspent transaction output (UTXO) is typically
associated with a public key. For example, if user X, who has an UTXO associated with his
public key, wants to send the money to user Y, user X uses his private key to sign a
transaction that spends the UTXO and creates a new UTXO that's associated with user Y's
public key.
The key distribution problem is eliminated because there's no need for exchanging keys.
Security is increased since the private keys don't ever have to be transmitted or revealed
to anyone.
The use of digital signatures is enabled so that a recipient can verify that a message
comes from a particular sender.
It's a slow process compared to symmetric cryptography. Therefore, it's not appropriate for
decrypting bulk messages.
If an individual loses his private key, he can't decrypt the messages he receives.
Because public keys aren't authenticated, no one can ensure a public key belongs to the
person specified. Consequently, users must verify that their public keys belong to them.
If a malicious actor identifies a person's private key, the attacker can read that individual's
messages.
The main difference between asymmetric versus symmetric cryptography is that asymmetric
encryption algorithms make use of two different but related keys. One key encrypts data and
another key decrypts it. Symmetric encryption uses the same key to perform both encryption
and decryption functions.
In asymmetric encryption, there must be a mathematical relationship between the public and
private keys. Since malicious actors can potentially exploit this pattern to crack the
encryption, asymmetric keys need to be longer to offer the same level of security. The
difference in the length of the keys is so pronounced that a 2048-bit asymmetric key and a
128-bit symmetric key provide about an equivalent level of security.
Asymmetric encryption is notably slower than symmetric encryption, which has a faster
execution speed.
The RSA algorithm -- the most widely used asymmetric algorithm -- is embedded in the
SSL/TLS, which is used to provide secure communications over a computer network. RSA
derives its security from the computational difficulty of factoring large integers that are the
product of two large prime numbers.
Multiplying two large primes is easy, but the difficulty of determining the original numbers
from the product -- factoring -- forms the basis of public-key cryptography security. The time it
takes to factor the product of two sufficiently large primes is beyond the capabilities of most
attackers.
RSA keys are typically 1024 or 2048 bits long, but experts believe 1024-bit keys will be
broken soon, which is why government and industry are moving to a minimum key length of
2048-bits.
Elliptic Curve Cryptography (ECC) is gaining favor with many security experts as an
alternative to RSA. ECC is a public-key encryption technique based on elliptic curve theory. It
can create faster, smaller and more efficient cryptographic keys through the properties of the
elliptic curve equation.
To break ECC, an attacker must compute an elliptic curve discrete logarithm, which is
a significantly more difficult problem than factoring. As a result, ECC key sizes can be
significantly smaller than those required by RSA while still delivering equivalent security with
lower computing power and battery resource usage.
Whitfield Diffie and Martin Hellman, researchers at Stanford University, first publicly proposed
asymmetric encryption in their 1977 paper, "New Directions in Cryptography."
The concept was independently and covertly proposed by James Ellis several years earlier,
while he was working for the Government Communications Headquarters (GCHQ), the
British intelligence and security organization. The asymmetric algorithm as outlined in the
Diffie-Hellman paper uses numbers raised to specific powers to produce decryption keys.
Diffie and Hellman initially teamed up in 1974 to solve the problem of key distribution.
The RSA algorithm, which was based on the work of Diffie, was named after its three
inventors -- Ronald Rivest, Adi Shamir and Leonard Adleman. They invented the RSA
algorithm in 1977 and published it in Communications of the ACM in 1978.
Public key
Private key
The Public key is used for encryption, and the Private Key is used for decryption. Decryption cannot be
done using a public key. The two keys are linked, but the private key cannot be derived from the public
key. The public key is well known, but the private key is secret and it is known only to the user who owns
the key. It means that everybody can send a message to the user using user's public key. But only the
user can decrypt the message using his private key.
The data to be sent is encrypted by sender A using the public key of the intended receiver
B decrypts the received ciphertext using its private key, which is known only to B. B replies to A
A decrypts the received ciphertext using its private key, which is known only to him.
RSA algorithm uses the following procedure to generate public and private keys:
Explanation:
n=pxq
n = 7 x 11
n = 77
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is
prime to φ (n), i.e. gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (7 - 1) x (11 - 1)
φ (n) = 6 x 10
φ (n) = 60
Let us now choose relative prime e of 60 as 7.
Thus the public key is <e, n> = (7, 77)
Step 4: A plaintext message m is encrypted using public key <e, n>. To find ciphertext from the plain
text following formula is used to get ciphertext C.
C = m^e mod n
C = 9^7 mod 77
C = 37
Step 5: The private key is <d, n>. To determine the private key, we use the following formula d such that:
Example 2:
In an RSA cryptosystem, a particular A uses two prime numbers, 13 and 17, to generate the public and
private keys. If the public key of A is 35, then the private key of A is ……………?
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.
p = 13
q = 17
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 13 x 17
n = 221
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is
prime to φ (n), i.e. gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (13 - 1) x (17 - 1)
φ (n) = 12 x 16
φ (n) = 192
g.c.d (35, 192) = 1
Step 3: To determine the private key, we use the following formula to calculate the d such that:
Example 3:
An RSA cryptosystem uses two prime numbers 3 and 13 to generate the public key = 3 and the private key
= 7. What is the value of cipher text for a plain text?
Explanation:
Step 1: In the first step, select two large prime numbers, p and q.
p=3
q = 13
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 3 x 13
n = 39
Step 3: If n = p x q, then the public key is <e, n>. A plaintext message m is encrypted using public key
<e, n>. Thus the public key is <e, n> = (3, 39).
To find ciphertext from the plain text following formula is used to get ciphertext C.
C = m^e mod n
C = 5^3 mod 39
C = 125 mod 39
C = 8
Hence, the ciphertext generated from plain text, C = 8.
Example 4:
An RSA cryptosystem uses two prime numbers, 3 and 11, to generate private key = 7. What is the value of
ciphertext for a plain text 5 using the RSA public-key encryption algorithm?
Explanation:
Step 1: in the first step, select two large prime numbers, p and q.
p=3
q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the modulus for encryption and
decryption.
First, we calculate
n=pxq
n = 3 x 11
n = 33
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means
that e and (p - 1) x (q - 1) have no common factor except 1. Choose "e" such that 1 < e < φ (n) and e is
prime to φ (n), i.e. gcd (e, φ (n)) = 1.
Second, we calculate
φ (n) = (p - 1) x (q-1)
φ (n) = (3 - 1) x (11 - 1)
φ (n) = 2 x 10
φ (n) = 20
Step 4: To determine the public key, we use the following formula to calculate the d such that:
Calculate e x d = 1 mod φ (n)
e x 7 = 1 mod 20
e = (1 + k. φ (n))/ d [let k =0, 1, 2, 3………………]
Put k = 0
e = (1 + 0 x 20) / 7
e = 1/7
Put k = 1
e = (1 + 1 x 20) / 7
e = 21/7
e=3
The public key is <e, n> = (3, 33)
Hence, public key i.e. e = 3
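The arithmetic of the worked examples above can be checked mechanically. The following Python code is an added example, not part of the original notes; the function names are chosen here for illustration, and the private exponent is found with the extended Euclidean algorithm in place of trying k = 0, 1, 2, ... by hand. It also shows why the gcd (e, φ (n)) = 1 condition of Step 3 matters: with p = 3, q = 13 and e = 3 the condition fails, no private exponent exists, and several plaintexts share one ciphertext.

```python
# Added example (not from the original notes): textbook RSA with the small
# numbers used in the worked examples. Function names are illustrative.
# Textbook RSA has no padding and is for study only.

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a, m):
    """Inverse of a modulo m; raises ValueError when gcd(a, m) != 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m} (gcd = {g})")
    return x % m

def keygen(p, q, e):
    """Return (n, phi, d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("need 1 < e < phi(n)")
    d = modinv(e, phi)          # fails when e shares a factor with phi(n)
    return n, phi, d

def encrypt(m, e, n):
    """C = m^e mod n; the message must be a number in 0..n-1."""
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)

def decrypt(c, d, n):
    """m = C^d mod n."""
    return pow(c, d, n)

def preimages(c, e, n):
    """All plaintexts in 0..n-1 that encrypt to c (exhaustive, toy sizes only)."""
    return [m for m in range(n) if pow(m, e, n) == c]

if __name__ == "__main__":
    # p = 7, q = 11, e = 7, m = 9
    n, phi, d = keygen(7, 11, 7)
    c = encrypt(9, 7, n)
    print("n =", n, "phi =", phi, "d =", d, "C =", c, "back to m =", decrypt(c, d, n))

    # p = 13, q = 17, e = 35
    print("p=13, q=17, e=35 ->", keygen(13, 17, 35))

    # p = 3, q = 11, d = 7: recover e, then encrypt m = 5
    e = modinv(7, 20)
    print("e =", e, "C =", encrypt(5, e, 33))

    # p = 3, q = 13, e = 3: gcd(3, 24) = 3, so Step 3 is violated
    try:
        keygen(3, 13, 3)
    except ValueError as err:
        print("rejected:", err)
    print("plaintexts that encrypt to 8 under (3, 39):", preimages(8, 3, 39))
```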
Digital Signature
A digital signature is a mathematical technique which validates the authenticity and integrity of a
message, software or digital documents. It allows us to verify the author name, date and time of
signatures, and authenticate the message contents. The digital signature offers far more inherent security
and is intended to solve the problem of tampering and impersonation (intentionally copying another
person's characteristics) in digital communications.
The computer-based business information authentication interrelates both technology and the law. It
also calls for cooperation between the people of different professional backgrounds and areas of
expertise. Digital signatures differ from other electronic signatures not only in terms of
process and result, but also in being more serviceable for legal purposes. Some
electronic signatures that are legally recognizable as signatures may not be as secure as digital
signatures and may lead to uncertainty and disputes.
Authentication
Non-repudiation
Integrity
Authentication
Authentication is a process which verifies the identity of a user who wants to access the system. In the
digital signature, authentication helps to authenticate the sources of messages.
Non-repudiation
Non-repudiation means assurance that something cannot be denied. It ensures that a party to a
contract or communication cannot later deny the authenticity of their signature on a document or in a
file or the sending of a message that they originated.
Integrity
Integrity ensures that the message is real, accurate and safeguards from unauthorized user modification
during the transmission.
2nd: The hash value of the message or file content is calculated. This message or file content is encrypted
3rd: Now, the original message or file content along with the digital signature is transmitted.
4th: The receiver decrypts the digital signature by using a public key of a sender.
5th: The receiver now has the message or file content and can compute it.
6th: Comparing these computed message or file content with the original computed message. The
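The hash-then-sign steps listed above, as an added Python example that is not part of the original notes. It assumes SHA-256 as the hash and a toy RSA key built from two publicly known Mersenne primes with e = 65537; the function names and the sample messages are constructed for illustration. Real signatures use keys of at least 2048 bits and a padding scheme such as RSA-PSS.

```python
# Added example (not from the original notes): hash, sign with the private key,
# verify with the public key, and detect tampering. Names are illustrative.
import hashlib

# Toy key (assumption for this example): both primes are well-known Mersenne
# primes, so this key protects nothing and only serves to show the procedure.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                       # public key <E, N>
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent (Python 3.8+)

def digest_as_int(message, n=N):
    """Hash the message and map the digest to a number below n (toy reduction)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, d=D, n=N):
    """Sender: hash the message, then apply the private key to the hash."""
    return pow(digest_as_int(message, n), d, n)

def verify(message, signature, e=E, n=N):
    """Receiver: apply the sender's public key to the signature and compare
    the result with a hash computed over the received message."""
    if not isinstance(signature, int) or not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message, n)

def check_delivery(message, signature):
    """Classify a received (message, signature) pair for the demo below."""
    return "accepted" if verify(message, signature) else "rejected"

if __name__ == "__main__":
    original = b"PAY 100 TO ACCOUNT 12345"    # constructed sample message
    tampered = b"PAY 900 TO ACCOUNT 12345"    # one digit changed in transit
    sig = sign(original)
    print("original message :", check_delivery(original, sig))
    print("tampered message :", check_delivery(tampered, sig))
    print("tampered signature:", check_delivery(original, sig ^ 1))
```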
Certified Signatures
The certified digital signature documents display a unique blue ribbon across the top of the document.
The certified signature contains the name of the document signer and the certificate issuer which
indicate the authorship and authenticity of the document.
Approval Signatures
The approval digital signatures on a document can be used in the organization's business workflow. They
help to optimize the organization's approval procedure. The procedure involves capturing approvals
made by us and other individuals and embedding them within the PDF document. The approval
signatures include details such as an image of our physical signature, location, date, and official seal.
Visible Digital Signature
The visible digital signature allows a user to sign a single document digitally. This signature appears on a
document in the same way as signatures are signed on a physical document.
END