Professional Documents
Culture Documents
Chapter-2
Part II
In simple terms, they're processes that protect data by making sure that
Triple DES
Digital Signature
Digital Certificate
The basic process in enciphering a 64-bit data block using the DES
consists of:
The resultant 64-bit text is split into two equal halves of 32-bit each
called Left Plain Text (LPT) and Right Plain Text (RPT).
• Example: For the first round, we obtain as the output of the eight S boxes:
• K1 + E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001
0111
• The final stage in the calculation of f is to do a permutation P of the S-box output to
obtain the final value of f:
• f = P(S1(B1)S2(B2)...S8(B8))
• Let The permutation P is(16 7 20 21 29 12 28 17 1 15 23 26 5 18 31 10 2 8 24 14 32 27 3
9 19 13 30 6 22 11 4 25)
• from the output of the eight S boxes:
• S1(B1)S2(B2)S3(B3)S4(B4)S5(B5)S6(B6)S7(B7)S8(B8) = 0101 1100 1000 0010 1011 0101 1001
0111 we get
• f = 0010 0011 0100 1010 1010 1001 1011 1011
• Finally we have F function F
Final stage ---do the same steps 16 time
• R1 = L0 + f(R0 , K1 )
= 1100 1100 0000 0000 1100 1100 1111 1111
+ 0010 0011 0100 1010 1010 1001 1011 1011
= 1110 1111 0100 1010 0110 0101 0100 0100
In the next round, we will have L2 = R1, which is the block we just
calculated, and then we must calculate R2 =L1 + f(R1, K2), and so on for
16 rounds.
At the end of the sixteenth round we have the blocks L16 and R16.
We then reverse the order of the two blocks into the 64-bit block
• R16L16
Final Permutation
• apply a final permutation
• Lets the permutation is defined by (40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46
14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2
42 10 50 18 58 26 33 1 41 9 49 17 57 25)
• Example: If we process all 16 blocks using the method defined previously, we get, on the
16th round,
• L16 = 0100 0011 0100 0010 0011 0010 0011 0100
R16 = 0000 1010 0100 1100 1101 1001 1001 0101
• We reverse the order of these two blocks and apply the final permutation to
• R16L16 = 00001010 01001100 11011001 10010101 01000011 01000010 00110010
00110100
• IP-1 = 10000101 11101000 00010011 01010100 00001111 00001010 10110100 00000101
• which in hexadecimal format is
• 85E813540F0AB405.
• This is the encrypted form of M = 0123456789ABCDEF, K = 133457799BBCDFF1 C =
85E813540F0AB405.
How DES Works… summary
•Is it possible to crack DES?
•If yes, how much did it costly?
Toward triple DES
• Diffie and Hellman then outlined a "brute force" attack on DES. (By "brute
force" is meant that you try as many of the 2^56 possible keys as you have to
before decrypting the ciphertext into a sensible plaintext message.) They
proposed a special purpose "parallel computer using one million chips to try
one million keys each" per second, and estimated the cost of such a machine
at $20 million.
• Under the direction of John Gilmore of the EFF, a team spent $220,000 and
built a machine that can go through the entire 56-bit DES key space in an
average of 4.5 days. On July 17, 1998, they announced they had cracked a 56-
bit key in 56 hours. The computer, called Deep Crack, uses 27 boards each
containing 64 chips, and is capable of testing 90 billion keys a second.
Toward triple DES …
• Despite this, as recently as June 8, 1998, Robert Litt, principal associate
deputy attorney general at the Department of Justice, denied it was possible
for the FBI to crack DES: "Let me put the technical problem in context: It took
14,000 Pentium computers working for four months to decrypt a single
message . . . . We are not just talking FBI and NSA [needing massive
computing power], we are talking about every police department."
• Responded cryptograpy expert Bruce Schneier: " . . . the FBI is either
incompetent or lying, or both." Schneier went on to say: "The only solution
here is to pick an algorithm with a longer key; there isn't enough silicon in
the galaxy or enough time before the sun burns out to brute- force triple-
DES" (Crypto-Gram, Counterpane Systems, August 15, 1998).
3. Triple DES
Triple Data Encryption Standard (TDES) is upgraded or improved
version of DES which is a symmetric cryptographic approach in which
DES is used to each block three times which scrambles the plain text to
cipher text.
Triple DES runs three times gradual than DES, but is much safer if
used properly.
The procedure for decrypting object is the similar as the procedure for
encryption, other than it is executed in reverse. Like DES, data is
encrypted and decrypted in 64- bit chunks
2/17/2023 Computer and Network Security 34 By: Mechal T.
Thank you.
4. Digital Signature
Digital Signature
It allows us to verify the author name, date and time of signatures, and
authenticate the message contents.
The digital signature offers far more inherent security and intended to
solve the problem of tampering and impersonation (Intentionally copy
another person's characteristics) in digital communications.
Non-repudiation
Integrity
Signing Algorithm
The key generation algorithm selects private key randomly from a set of
possible private keys.
This algorithm provides the private key and its corresponding public key.
2. Signing algorithm
Digital signatures are created and verified by using public key cryptography,
also known as asymmetric cryptography.
By the use of a public key algorithm, such as RSA, one can generate two keys
that are mathematically linked- one is a private key, and another is a public
key.
The user who is creating the digital signature uses their own private key to
encrypt the signature-related document.
There is only one way to decrypt that document is with the use of signer's
public key.
2/17/2023 Computer and Network Security 40 By: Mechal T.
4. Digital Signature…
How digital signatures work
This technology requires all the parties to trust that the individual who
creates the signature has been able to keep their private key secret.
If someone has access the signer's private key, there is a possibility that
they could create fraudulent signatures in the name of the private key
holder.
A replacement for DES was needed as its key size was too small.
Triple DES was designed to overcome this drawback but it was found
slow.
2/17/2023 Computer and Network Security 46 By: Mechal T.
5. AES…
The features of AES are as follows:
Symmetric key symmetric block cipher
128-bit data, 128/192/256-bit keys
Stronger and faster than Triple-DES
AES performs operations on bytes of data rather than in bits. Since the
block size is 128 bits, the cipher processes 128 bits (or 16 bytes) of the
input data at a time.
A Key Schedule algorithm is used to calculate all the round keys from
the key.
So the initial key is used to create many different round keys which will
be used in the corresponding round of the encryption.
| b1 | b5 | b9 | b13 |
| b2 | b6 | b10| b14 |
| b3 | b7 | b11| b15 ]
ShiftRows
MixColumns
Now the resultant output of the previous stage is XOR-ed with the
corresponding round key.
Here, the 16 bytes is not considered as a grid but just as 128 bits of
data.
After all these rounds 128 bits of encrypted data is given back as
output.
The stages in the rounds can be easily undone as these stages have an
opposite to it which when performed reverts the changes.
Each 128 blocks goes through the 10,12 or 14 rounds depending on the
key size.
Inverse MixColumns
ShiftRows
Inverse SubByte
Inverse S-box is used as a lookup table and using which the bytes are
substituted during decryption.
At the time of exchanging data over a public network, we can use the
shared secret for secret communication.
We use an elliptic curve for generating points and getting a secret key
using the parameters.
2. The variables P and G both are publicly available. The sender selects a
private value, either a or b, for generating a key to exchange publicly.
The receiver receives the key, and that generates a secret key, after which
the sender and receiver both have the same secret key to encrypt.
ka=kb
It means that both the users have the symmetric secret key to encrypt.
Example:
1. User1 and User2 get public keys P = 33 and G = 8.
2. User1 selects a as a private key, i.e., 3, and User2 selects b as a
private key, i.e., 2.
3. User1 calculate the public value: x=(83 mod 33)=512mod33=17
y=(82 mod33)=64mod33= 31
6. User1 receives public key y = 31 and User2 receives public key x = 17.
Major tech giants browsers like Microsoft, Google, Apple and Mozilla
have stopped accepting SHA-1 SSL certificates by 2017.