26 views

Uploaded by Swati Choudhary

Introduction to Cryptography

- Applied Neuro Cryptography
- MCQ Computer Graphics - II - Copy
- GP Card Specification 2.1.1
- cryptanalysis by swiss ecole
- Altera Design Security in Stratix III Devices
- 2
- Lecture 3
- a96a3549-bc35-4eb0-8708-1c3e4f726330_BCA III
- BBA401
- Cryptography
- Pic Attack1
- Basic Crypt Analysis
- Des
- CRITICAL ANALYSIS OF CRYPTOGRAPHIC ALGORITHM FOR DATA SECURITY
- ATACK SMART METERS AES 128 BITS CCM
- Design an Algorithm for Data Encryption and Decryption Using Pentaoctagesimal SNS
- cucs-002-04
- A Seminar Report
- Bt23 and Bt24
- Implement Are Si Testare FPGA Serpent

You are on page 1of 122

Network Security

Protecting data that are stored on or that travel over a network (against either

accidental and intentional unauthorized disclosure or modification)

Then what do you mean by privacy?

Privacy is the need to restrict access to data (unauthorized access). Security is

what we do to ensure privacy

Network Security is having three main goals:

Confidentiality -: Ensuring that data that must be kept private, stay private

Integrity -: Ensuring that data are accurate (unauthorized modification or

destruction)

Availability -: Ensure that data are accessible whenever needed by the

organization

Key Points

The OSI (open systems interconnection) security architecture provides a

systematic framework for defining security attacks, mechanisms, and services

Security attacks are classified as either passive attacks, which include

unauthorized reading of a message of file and traffic analysis; and active

attacks, such as modification of messages or files, and denial of service

A security mechanism is any process (or a device incorporating such a

process) that is designed to detect, prevent, or recover from a security attack.

Examples of mechanisms are encryption algorithms, digital signatures, and

authentication protocols

Security services include authentication, access control, data confidentiality,

data integrity, non repudiation, and availability

The generic name for the collection of tools designed to protect data and to

thwart hackers is computer security

Security Attacks

Passive Attack

Passive attacks are in the nature of eavesdropping on, or monitoring of,

transmissions. The goal of the opponent is to obtain information

that is being transmitted

Two types of passive attacks are release of message contents and traffic

analysis

telephone conversation, an electronic mail message, and a transferred file

may contain sensitive or confidential information. We would like to

prevent an opponent from learning the contents of these transmissions

Security Attacks

Security Attacks

information traffic so that opponents, even if they captured the message,

could not extract the information from the message

The common technique for masking contents is encryption. If we had

encryption protection in place, an opponent might still be able to observe

the pattern of these messages

The opponent could determine the location and identity of communicating

hosts and could observe the frequency and length of messages being

exchanged. This information might be useful in guessing the nature of the

communication that was taking place

Security Attacks

Security Attacks

Note:

Passive attacks are very difficult to detect because they do not involve any

alteration of the data. Typically, the message traffic is sent and received in

an apparently normal fashion and neither the sender nor receiver is aware

that a third party has read the messages or observed the traffic pattern.

However, it is feasible to prevent the success of these attacks, usually by

means of encryption. Thus, the emphasis in dealing with passive attacks is

on prevention rather than detection.

Security Attacks

Active Attacks

Active attacks involve some modification of the data stream or the creation

of a false stream and can be subdivided into four categories:

Masquerade : One entity pretends to be a different entity

Replay : The passive capture of a data unit and its subsequent

transmission to produce an unauthorized effect

Modification of messages : The portion of the legitimate message is

altered

Denial of service : Preventing or inhibiting the normal use or

management of communications facilities

General categories of

security attacks

Interruption: An asset of the system is destroyed or becomes unavailable

or unusable - attack on availability

Interception: An unauthorized party gains access to an asset attack on

confidentiality

Modification: An unauthorized party not only gains access to but tampers

with an asset attack on integrity

Fabrication: An unauthorized party inserts counterfeit objects into the

system attack on authenticity

Security Services

the one that it claims to be

Peer Entity Authentication -: Used in association with a logical

connection to provide confidence in the identity of the entities

connected

Data Origin Authentication -: In a connectionless transfer, provides

assurance that the source of received data is as claimed

(i.e., this service controls who can have access to a resource, under what

conditions access can occur, and what those accessing the resource are

allowed to do)

Security Services

disclosure

Connection Confidentiality -: The protection of all user data on a

connection

Connectionless Confidentiality -: The protection of all user data in a

single data block

Selective-Field Confidentiality -: The confidentiality of selected fields

within the user data on a connection or in a single data block

Traffic Flow Confidentiality -: The protection of the information that

might be derived from observation of traffic flows

Security Services

DATA INTEGRITY -: The assurance that data received are exactly as sent

by an authorized entity (i.e., contain no modification, insertion, deletion, or

replay)

Connection Integrity with Recovery -: Provides for the integrity of

all user data on a connection and detects any modification, insertion,

deletion, or replay of any data within an entire data sequence, with

recovery attempted

Connection Integrity without Recovery -: As above, but provides

only detection without recovery

Security Services

entities involved in a communication of having participated in all or part of

the communication

Nonrepudiation, Origin -: Proof that the message was sent by the

specified party

Nonrepudiation, Destination -: Proof that the message was received

by the specified party

authorized parties when needed

SECURITY MECHANISMS

into a form that is not readily intelligible

of, a data unit that allows a recipient of the data unit to prove the source

and integrity of the data unit and protect against forgery (e.g., by the

recipient)

resources

data unit or stream of data units

SECURITY MECHANISMS

Authentication Exchange -: A mechanism intended to ensure the identity

of an entity by means of information exchange

Traffic Padding -: The insertion of bits into gaps in a data stream to

frustrate traffic analysis attempts

Routing Control -: Enables selection of particular physically secure routes

for certain data and allows routing changes, especially when a breach of

security is suspected

Notarization -: The use of a trusted third party to assure certain properties

of a data exchange

Security

transformation(opponent cannot defeat its purpose)

2.Generate the secret information to be used

3.Develop methods for the distribution and sharing of secret

information

4.Specify a protocol to be used by the two principals that makes use

of the security algorithm and the secret information to achieve a

particular security service.

Classical Encryption

Techniques

Symmetric Encryption

encryption)

(conventional

encryption

or

single-key

decryption are performed using the same key

key and an encryption algorithm. Using the same key and a decryption

algorithm, the plaintext is recovered from the ciphertext

called the ciphertext

enciphering or encryption; restoring the plaintext from the ciphertext is

deciphering or decryption

The many schemes used for encryption constitute the area of study known

as cryptography. Such a scheme is known as a cryptographic system or

a cipher

enciphering details fall into the area of cryptanalysis. Cryptanalysis is

what the layperson calls "breaking the code

Symmetric Encryption

Plaintext: This is the original intelligible message or data that is fed into

the algorithm as input

substitutions and transformations on the plaintext

Secret key: The secret key is also input to the encryption algorithm. The

key is a value independent of the plaintext and of the algorithm. The

algorithm will produce a different output depending on the specific key

being used at the time. The exact substitutions and transformations

performed by the algorithm depend on the key

Symmetric Encryption

on the plaintext and the secret key. For a given message, two different keys

will produce two different ciphertexts. The ciphertext is an apparently

random stream of data and, as it stands, is unintelligible

reverse. It takes the ciphertext and the secret key and produces the original

plaintext

Cryptographic Systems

Cryptographic systems are characterized along three independent

dimensions:

The type of operations used for transforming plaintext to ciphertext

All encryption algorithms are based on two general principles:

Substitution: in which each element in the plaintext (bit, letter, group of

bits or letters) is mapped into another element

Transposition: in which elements in the plaintext are rearranged

Product systems

The number of keys used

If both sender and receiver use the same key, the system is referred to as

symmetric, single-key, secret-key, or conventional encryption

If the sender and receiver use different keys, the system is referred to as

asymmetric, two-key, or public-key encryption

Cryptographic Systems

A block cipher processes the input one block of elements at a time,

producing an output block for each input block

A stream cipher processes the input elements continuously, producing

output one element at a time, as it goes along

Cryptanalysis

Objective of attack?

Cryptanalysis

Cryptanalytic attacks rely on the nature of the algorithm plus perhaps

some knowledge of the general characteristics of the plaintext or even

some sample plaintext-ciphertext pairs

Exploits the characteristics of the algorithm to deduce the key or

plaintext

Brute-force attack

The attacker tries every possible key on a piece of ciphertext until an

intelligible translation into plaintext is obtained

Types of cryptanalytic

attacks

Ciphertext-only attack

The cryptanalyst does not know any of the underlying plaintext

A basic assumption is that ciphertext is always available to an attacker

Known-plaintext attack

The attacker is having the ciphertext and as well as some of the

corresponding plaintext (One or more plaintext-ciphertext pairs formed

with the secret key)

Types of cryptanalytic

attacks

Chosen plaintext attack

cryptanalyst can encrypt a plaintext of his choosing and study the

resulting ciphertext

This is most common against asymmetric cryptography, where a

cryptanalyst has access to a public key

Chosen ciphertext attack

cryptanalyst chooses a ciphertext and attempts to find a matching

plaintext

This can be done with a decryption oracle (a machine that decrypts

without exposing the key)

Unconditionally Secured

encryption scheme

If the ciphertext generated by the scheme doesnt contain enough information

to determine uniquely the corresponding plain text and no matter that how

much ciphertext is available

The encryption algorithm should meet one or both of the following

criteria:

The cost of breaking the cipher exceeds the value of the encrypted

information

The time required to break the cipher exceeds the useful lifetime of the

information

If both the above criteria are met, such an encryption scheme is said to be

computationally secure

Substitution Ciphers

1) Caesar cipher

Caesar cipher involves replacing each letter of the alphabet with the letter

standing three places further down the alphabet

a b c

0 1 2

n o

13 14

d e f

3 4 5

p q

15 16

g h i

6 7 8

r s

17 18

j k l m

9 10 11 12

t u v w x y Z

19 20 21 22 23 24 25

Substitution Ciphers

C=E(p)=(p+k) mod 26 ; where k 1 to 25

The decryption algorithm

p=D(C)=(C-k) mod 26

Three important characteristics of this problem enabled us to use a bruteforce cryptanalysis:

The encryption and decryption algorithms are known

There are only 25 keys to try

The language of the plaintext is known and easily recognizable

Exercise 1

Cryptanalyse the following ciphertext with brute-force method

GCUA VQ DTGCM

Substitution Ciphers

2) Monoalphabetic Cipher (26! Key combinations)

Uses a KEY, which is the rearrangement of the letters of the alphabet

These different keys are then substituted for the letters in the plaintext to

create a ciphertext

The key is needed to decipher the secret message

Encrypt the message "meet me at school", by using a key : REMAINDER

P

T

P

T

W X

Substitution Ciphers

CIPHERTEXT : JIITJIRTSMBLLH

Monoalphabetic encryption is very easy to break, for two main reasons :

require only 26! decipherments

words with repeated letters like "meet" in the example show that

repetition in the ciphertext (frequency of the appearance of letters)

Countermeasure

- Provide multiple substitutes, known as homophones

Substitution Ciphers

3) Homophonic Cipher

Replacing each letter with a variety of substitutes

The letter 'a' accounts for roughly 8% of all letters in English, so we assign

8 symbols to represent it

The letter 'b' accounts for 2% of all letters and so we assign 2 symbols to

represent it

At the end of encipherment (after encrypting) each symbol will constitute

roughly 1% of the ciphertext.

Substitution Ciphers

Enciphering a Message

"In wartime, truth is so precious

But before we do, we should count the letters to see how they correspond

with the "standard" frequency count.

Substitution Ciphers

4) Playfair Cipher

The technique encrypts pairs of letters (digraphs), instead of single letters

as in the simple substitution cipher

It was used for tactical purposes by British forces in the Second Boer War

and in World War I and for the same purpose by the Australians during

World War II

Playfair algorithm is based on the use of 5 x 5 matrix of letters constructed

using a keyword

Substitution Ciphers

The 'key' for a playfair

cipher is generally a word,

for the sake of example we

will choose 'monarchy'.

This is then used to

generate a 'key square', e.g.

combined with 'i'. We now

apply the encryption rules to

encrypt the plaintext.

same pair are separated with a filler letter, such

as x, so that full would be treated as fu lx lz

2. Two plaintext letters that fall in the same row

of the matrix are each replaced by the letter to

the right, with the first element of the row

circularly following the last. For example, ar is

encrypted as RM.

3. Two plaintext letters that fall in the same

column are each replaced by the letter beneath,

with the top element of the column circularly

following the last. For example, mu is

encrypted as CM.

4. Otherwise, each plaintext letter in a pair is

replaced by the letter that lies in its own row

and the column occupied by the other plaintext

letter. Thus, hs becomes BP and ea becomes

IM (or JM, as the encipherer wishes).

Playfair Cipher

Substitution Ciphers

Exercise 2

Substitution Ciphers

5) Polyalphabetic Cipher

This type of cipher is called a polyalphabetic substitution cipher

One such cipher is the famous Vigenere cipher, which was thought to be

unbreakable for almost 300 years

1. Pick a keyword (for our example, the keyword will be "MEC"). And plaintext we

need more supplies fast

2. Write your keyword across the top of the text you want to encipher, repeating it as

many times as necessary.

3. For each letter, look at the letter of the keyword above it (if it was 'M', then you

would go to the row that starts with an 'M'), and find that row in the Vigenere Table

4. Then find the column of your plaintext letter (for example, 'w', so the

twenty-third column).

5. Finally, trace down that column until you reach the row you found before

and write down the letter in the cell where they intersect

Exercise 3

using key MEC

Substitution Ciphers

6) Hill Cipher

Understand by Example

Cipher Substitution technique.

Treat all character as a number. So that A=0, B=1, C=2,, Z=25

Organize a matrix by using plaintext. Here Plaintext is CAT. So that

C=2, A=0, T=19. This is known as Plaintext Matrix

Substitution Ciphers

Chose a random key matrix. This key matrix consists of size nxn order

Multiply both the Matrix (i.e. Key Matrix & Plaintext Matrix)

Now compute a mod 26 value of the above resultant matrix. That is,

take reminder after dividing the above matrix values by 26. That is:

Substitution Ciphers

Translating number in to alphabet. i.e. 5=F, 8=I, and 13=N

Our Cipher text is FIN

For Decryption: Multiply the cipher text matrix & Inverse of Key

Matrix

=>

C = KP mod 26

C = E(K, P) = KP mod 26

P = D(K, P) = K-1C mod 26 = K-1KP = P

Substitution Ciphers

Exercise 4

Encrypt the following by using Hill Cipher and then decipher it.

dad by using key ANOTHERBZ

Transposition Ciphers

instead their position change

the cipher text

Various Transposition cipher techniques given following:

Rail Fence Technique

Simple Columnar Technique

Vernam Cipher (One-time Pad)

th

position of

Transposition Ciphers

1) Rail Fence Technique

Rail Fence technique involves writing plain text message as a sequence of

diagonals and then reading it row-by-row to produce cipher text

Encryption Algorithm: Write down the plain text message as a sequence of diagonals

Read the Plain text Row-by-Row and write down left to right then top

to bottom

Example

Original Plain text massage: Come Home Tomorrow

After we arrange the plaintext message as a sequence of diagonals, it look

like follows

Now read the text row-by-row, and write it sequentially. Thus we have:

CMHMTMROOEOEOORW as the cipher text

Transposition Ciphers

2) Simple Columnar Transposition Technique

Simple columnar transposition technique simply arranges the plaintext as a

sequence of rows of a rectangle that are read in columns randomly

Write the plain text message row-by-row in a rectangle of a pre-defined size

Read the message column-by-column. However it need not be in order of

columns 1, 2, 3 etc. it can be in any order such as 2, 3, 1 etc

The message thus obtained is the cipher text message

Example

Original Plain text massage: Come Home Tomorrow

Let us consider a rectangle with six columns. Therefore, when we write the

message in the rectangle row-by-row suppressing spaces

Now , let us decide the order of columns as some random order, say 4, 6, 1, 2,

5 & 3. Then read the text in the order of these columns

The ciphertext thus obtained would be EOWOOCMROEHMMTO

Transposition Ciphers

3) Simple Columnar Transposition Technique with multiple Rounds

To improve the basic simple columnar, we can introduce more complexity

Use the same basic operation of simple columnar technique, but do it more

than once

Algorithm:

Write the plain text message row-by-row in a rectangle of a pre-defined

size

Read the message column-by-column. However, it need not to be in

order of column 1, 2, 3 etc. it can be any random order such as 2, 3, 1 etc

The message thus obtained is the cipher text message of round 1

Repeat steps 1to 3 as many times as desired

Transposition Ciphers

4) Vernam Cipher (One - time pad)

It is implemented using a random set of characters as the key

Main point is that once a key text for transposition is used, it is never used

again for any other message. So it is called One-Time

Length of the key text is equal to the length of the original plain text

Algorithm

Translate each plain text alphabet in to corresponding Number (i.e. A=0,

B=1,,Z=25)

Do the same for each character key text

Add each number corresponding to the plain text alphabet to the

corresponding key text alphabet number

If the sum thus produced is greater than 26, subtract 26 from it

Translate each number of the sum back to the corresponding alphabet. This

gives the output ciphertext

Transposition Ciphers

Example

Plain text message: HOW ARE YOU

One-time pad (KEY TEXT) : NCBTZQARX

This technique is highly secure and suitable for small plain text message.

It is clearly impractical for large messages

Encryption Standard

en/decrypted

64-bits or more

Substitution-Permutation

Ciphers

networks

modern substitution-transposition product cipher

have seen before:

substitution (S-box)

permutation (P-box)

diffusion dissipates statistical structure of plaintext over bulk of ciphertext

confusion makes relationship between ciphertext and key as complex as

possible

Horst Feistel devised the feistel cipher

based on concept of invertible product cipher

partitions input block into two halves

process through multiple rounds which:

perform a substitution on left data half

based on round function of right half & sub key

then have permutation swapping halves

implements Shannons substitution-permutation

network concept

Virtually all conventional block encryption

algorithms including data encryption standard (DES)

are based on Feistel Cipher Structure.

i

The plaintext is divided into

two halves L0 and R0

Then the two halves pass through n rounds of

processing then combine to produce the cipher

block.

Each round i has as input Li 1 and Ri 1 derived from

the previous round as well as a sub-key K i derived

from the overall K

All rounds have the same structure

A substitution is performed on the left half of the

data. This is done by applying a round function F to

the right half of the data followed by the XOR of

the output of that function and the left half of the

data.

Block Size: (larger block means greater security)

64 bits.

Key Size:56-128 bits.

Number of Rounds: a single round offers

inadequate security, a typical size is 16 rounds.

Sub-key Generation Algorithms: greater

complexity should lead to a greater difficulty of

cryptanalysis.

Round function: Again, greater complexity

generally means greater resistance to

cryptanalysis.

.

Fast Software encryption/Decryption: the speed of

execution of the algorithm is important.

Ease of Analysis: to be able to develop a higher level

of assurance as to its strength

Decryption: use the same algorithm with reversed

keys.

Developed by Prof. Edward Schaefer of Santa Clara

University 1996.

Takes 8 bit block of plain text and 10 bit key as input

and produce an 8 bit block cipher text output.

The encryption algorithm involves 5 functions: initial

permutation (IP); a complex function fk which

involves substitution and permutation depends on the

key; simple permutation function (switch) SW; the

function fk again and final inverse of the initial

permutation( IP-1).

Overview

We can express the encryption algorithm as a

composition function:

IP-1fk2 SW fk1 IP

OR ;

Ciphertext=IP-1(fk2(SW(fk1(IP(plaintext)))))

Where,

K1=P8(shift(P10(key)))

K2 =P8 (shift(shift(P10(key))))

The decryption algorithm is:

Plaintext=IP-1 (fk1(SW(fk2(IP(Ciphertext)))))

First permute the key in the following way:

P10

3

10

Perform a circular left shift to each bits of the key:

Ex: (10000 01100)(00001 11000)

Next apply P8

P

8

10

Continue

Then perform again 2 bit circular shift left on

each of the five bits:

(00001)(11000)(00100)(00011)

Finally apply again P8:

Then K2=(01000011)

S-DES Encryption

S-DES Encryption

The i/p 8-bit block plaintext is first permuted using the

IP function:

IP

2

used :

IP-1

4

IP-1(IP(X))=X;

Ex: IP{(10110101)}=(01111100)

IP-1 {01111100}=(10110101)

The Function fk

Let L and R be the left most 4 bits and

rightmost 4 bits of the 8 bits input

fk (L, R)=(LF(R,SK),R)

Where SK is a sub key and the is bit-by-bit

XOR function.

Ex: if the o/p of the IP is (10111101) and

F(1101,SK)=(1110) for some SK then

fk(10111101)=(1011) (1110)=(0101)

Continue

Recall the first operation is an expansion and permutation to first

4 bits as follows:

E/P

4

n4

n1

n2

n3

n2

n3

n4

n1

n4+K11

n1+ K12

n2 +K13

n3 +K14

n2 +K15

n3 +K16

n4 +K17

n1 +K18

Continue

Let us rename these bits:

P0,0

P0,1

P0,2

P0,3

P1,0

P1,1

P1,2

P1,3

The first row of the matrix 4 bits are fed into the Sbox S0 to produce 2 bit o/p and the remaining 2 bits

are fed to S1 to produce another 2 bits

S-Box

The s-box operates as follows: (P0,0,P0,3 ) determine the

row of the S0 matrix and (P0,1,P0,2 )determine the column:

1

3

S0

0

0 3 2

2 1 0

, S1

2 1 3

1 3 2

0 1 2 3

2 0 1 3

3 0 1 0

2 1 0 3

row 0 and column 2 in S0 which is equal to 3, i.e., (11) in

binary.

In a similar way we can produce the other two bits

SW interchange the left and right 4 bits so that

the second instance of fK operates on a

different 4 bits.

based on concept of invertible product cipher

process through multiple rounds which

perform a substitution on left data half

based on round function of right half & subkey

then have permutation swapping halves

Principles

block size

increasing size improves security, but slows cipher

key size

increasing size improves security, makes exhaustive key searching harder, but may slow

cipher

number of rounds

increasing number improves security, but slows cipher

subkey generation

greater complexity can make analysis harder, but slows cipher

round function

greater complexity can make analysis harder, but slows cipher

fast software en/decryption & ease of analysis

are more recent concerns for practical use and testing

(DES)

as FIPS PUB 46

DES History

by team led by Feistel

used 64-bit data blocks with 128-bit key

then redeveloped as a commercial cipher with input from NSA and others

in 1973 NBS issued request for proposals for a national cipher standard

IBM submitted their revised Lucifer which was eventually accepted as the

DES

in choice of 56-bit key (vs Lucifer 128-bit)

and because design criteria were classified

subsequent events and public analysis show in fact design was appropriate

DES Encryption

Initial Permutation IP

Li = Ri1

Ri = Li1 xor F(Ri1, Ki)

expands R to 48-bits using perm E

adds to subkey

passes through 8 S-boxes to get 32-bit result

finally permutes this using 32-bit perm P

Substitution Boxes S

outer bits 1 & 6 (row bits) select one rows

inner bits 2-5 (col bits) are substituted

result is 8 lots of 4 bits, or 32 bits

consists of:

initial permutation of the key (PC1) which selects 56-bits in two 28-bit

halves

16 stages consisting of:

selecting 24-bits from each half

permuting them by PC2 for use in function f,

rotating each half separately either 1 or 2 places depending on the

key rotation schedule K

DES Decryption

decrypt must unwind steps of data computation

with Feistel design, do encryption steps again

using subkeys in reverse order (SK16 SK1)

note that IP undoes final FP step of encryption

1st round with SK16 undoes 16th encrypt round

.

16th round with SK1 undoes 1st encrypt round

then final FP undoes initial encryption IP

thus recovering original data value

Avalanche Effect

where a change of one input or key bit results in changing approx half

output bits

in 1997 on Internet in a few months

in 1998 on dedicated h/w (EFF) in a few days

in 1999 above combined in 22hrs!

Attacks

by gathering information about encryptions

can eventually recover some/all of the sub-key bits

if necessary then exhaustively search for the rest

include

differential cryptanalysis

linear cryptanalysis

related key attacks

Differential Cryptanalysis

used to analyse most current block ciphers with varying degrees of success

Differential Cryptanalysis

design of S-P networks has output of function f influenced by both input &

key

hence cannot trace values back through cipher without knowing values of

the key

Differential Cryptanalysis

Compares Pairs of Encryptions

with a known difference in the input

searching for a known difference in output

when same subkeys are used

Differential Cryptanalysis

have some input difference giving some output difference with probability

p

occurring

then must iterate process over many rounds (with decreasing probabilities)

Differential Cryptanalysis

Differential Cryptanalysis

perform attack by repeatedly encrypting plaintext pairs with known input XOR until

obtain desired output XOR

when found

if intermediate rounds match required XOR have a right pair

if not then have a wrong pair, relative ratio is S/N for attack

can then deduce keys values for the rounds

right pairs suggest same key bits

wrong pairs give random values

for large numbers of rounds, probability is so low that more pairs are required than exist

with 64-bit inputs

Biham and Shamir have shown how a 13-round iterated characteristic can break the full

16-round DES

Linear Cryptanalysis

can attack DES with 247 known plaintexts, still in practise infeasible

Linear Cryptanalysis

P[i1,i2,...,ia](+)C[j1,j2,...,jb] = K[k1,k2,...,kc]

where ia,jb,kc are bit locations in P,C,K

Principles

number of rounds

more is better, exhaustive search best attack

function f:

provides confusion, is nonlinear, avalanche

key schedule

complex subkey creation, key avalanche

Modes of Operation

block ciphers encrypt fixed size blocks

eg. DES encrypts 64-bit blocks, with 56-bit key

need way to use in practise, given usually have arbitrary amount of

information to encrypt

four were defined for DES in ANSI standard ANSI X3.106-1983 Modes of

Use

subsequently now have 5 for DES and AES

have block and stream modes

(ECB)

Ci = DESK1 (Pi)

(ECB)

ECB

if aligned with message block

particularly with data such graphics

or with messages that change very little, which become a code-book

analysis problem

each previous cipher blocks is chained with current plaintext block, hence

name

Ci = DESK1(Pi XOR Ci-1)

C-1 = IV

CBC

thus a change in the message affects all ciphertext blocks after the change as well

as the original block

however if IV is sent in the clear, an attacker can change bits of the first block,

and change IV to compensate

hence either IV must be a fixed value (as in EFTPOS) or it must be sent

encrypted in ECB mode before rest of message

by padding either with known non-data value (eg nulls)

or pad last block with count of pad size

eg. [ b1 b2 b3 0 0 0 0 5] <- 3 data bytes, then 5 bytes pad+count

message is treated as a stream of bits

added to the output of the block cipher

result is feed back for next stage (hence name)

standard allows any number of bit (1,8 or 64 or whatever) to be feed back

denoted CFB-1, CFB-8, CFB-64 etc

is most efficient to use all 64 bits (CFB-64)

Ci = Pi XOR DESK1(Ci-1)

C-1 = IV

uses: stream data encryption, authentication

CFB

note that the block cipher is used in encryption mode at both ends

message is treated as a stream of bits

output of cipher is added to message

output is then feed back (hence name)

feedback is independent of message

can be computed in advance

Ci = Pi XOR Oi

Oi = DESK1(Oi-1)

O-1 = IV

uses: stream encryption over noisy channels

OFB

used when error feedback a problem or where need to encryptions before message

is available

superficially similar to CFB

but feedback is from the output of cipher and is independent of message

a variation of a Vernam cipher

hence must never reuse the same sequence (key+IV)

sender and receiver must remain in sync, and some recovery method is needed to

ensure this occurs

originally specified with m-bit feedback in the standards

subsequent research has shown that only OFB-64 should ever be used

Counter (CTR)

similar to OFB but encrypts counter value rather than any feedback value

must have a different key & counter value for every plaintext block (never

reused)

Ci = Pi XOR Oi

Oi = DESK1(i)

Counter (CTR)

CTR

efficiency

can do parallel encryptions

in advance of need

good for bursty high speed links

but must ensure never reuse key/counter values, otherwise could break (cf

OFB)

- Applied Neuro CryptographyUploaded byRaiee Dee
- MCQ Computer Graphics - II - CopyUploaded byshailkhan
- GP Card Specification 2.1.1Uploaded byCharlieBrown
- cryptanalysis by swiss ecoleUploaded bySudharssun Subramanian
- Altera Design Security in Stratix III DevicesUploaded bykn65238859
- 2Uploaded byart101988
- Lecture 3Uploaded byLokesh Gautam
- a96a3549-bc35-4eb0-8708-1c3e4f726330_BCA IIIUploaded byJoona John
- BBA401Uploaded byManishSingh
- CryptographyUploaded byrazi_chughtai
- Pic Attack1Uploaded byceliaesca
- Basic Crypt AnalysisUploaded byunutilizator
- DesUploaded byLavinaKalwarLovesgreenday
- CRITICAL ANALYSIS OF CRYPTOGRAPHIC ALGORITHM FOR DATA SECURITYUploaded byAnonymous vQrJlEN
- ATACK SMART METERS AES 128 BITS CCMUploaded byartovolasti
- Design an Algorithm for Data Encryption and Decryption Using Pentaoctagesimal SNSUploaded byseventhsensegroup
- cucs-002-04Uploaded byNir Infosys
- A Seminar ReportUploaded byDivyaswaroop Srivastav
- Bt23 and Bt24Uploaded byapi-26125777
- Implement Are Si Testare FPGA SerpentUploaded byghionoiuc
- 030309Uploaded bynaga raju n
- DNA Based Cryptography and StegnographyUploaded byGRD Journals
- 07 CryptographyUploaded byJamesKJaak
- Notice: Information processing standards, Federal: Withdrawal of FIPS 46-3, Fips 74, and FIPS 81Uploaded byJustia.com
- A Review on Separable Reversible Data Hiding in Encrypted ImageUploaded byEditor IJRITCC
- crafkUploaded byabieaqedas
- Secure CRM Cloud Service using RC5 AlgorithmUploaded byseventhsensegroup
- i Jc Ta 2011020658Uploaded byhmmohan
- Team 6 BriefingUploaded byoreste2008
- steganographyinar9Uploaded byAkintoroye Oluronke Funsho

- VIII Multicasting OptionsUploaded byMayank Jain
- B2B CommerceUploaded bySwati Choudhary
- C-SDESUploaded byNavjot Singh
- Requirement Engineering Process & Tasks.pptxUploaded bySwati Choudhary
- Cuda ExamplesUploaded bySwati Choudhary
- CUDA_CUploaded bySwati Choudhary
- Sc11 Cuda c BasicsUploaded byPoncho Coeto
- client_1Uploaded bySwati Choudhary

- Substitution CiphersUploaded byPooja Thakkar
- A New Nonlinear Combination Generator Myboun Yeni Bir Dorusal Olmayan Birleik Reticisi MybounUploaded bymozgan123
- PRIVACY PRESERVING FOR NUMERIC DATA QUERY IN CLOUD COMPUTINGUploaded byTJPRC Publications
- Electronic Payment MechanismUploaded byRuby Bee
- Cryptography: The Science and Art of Secure Communications by AhmetUploaded bynmaravind
- wireless data encryption and decryption using radio frequence (FINAL YEAR PROJECT OF ELECTRICAL ENGINEERING)Uploaded bysyedfahadraza627
- William Stallings cryptography ch02Uploaded bySuganya Selvaraj
- Lecture 1 Classical CryptographyUploaded bypipi
- Ch3.Block CiphersUploaded byHemant Mahajan
- SNIAsecbookletfinalUploaded bySathish Sagar
- Getting Started With JSSE and JCEUploaded byafshar13505960
- TLStiming.pdfUploaded byDavid Magalhães
- S2750&S5700&S6720 V200R008C00 MIB ReferenceUploaded byDhiogo Ferreira
- A Network Coding and DES Based Dynamic Encryption Scheme for Moving Target DefenseUploaded bysatya
- stsguideUploaded byokissltd
- fortigate-sslvpn-40-mr3Uploaded byMichael Lee
- w_esec01.pdfUploaded byWil Arz
- DNA-based cryptography: motivation, progress, challenges, and futureUploaded byDr Muhamma Imran Babar
- BIOMETRIC REMOTE AUTHENTICATIONUploaded byJournal 4 Research
- Database SecurityUploaded byNidheesh KM
- E Commerce.pdfUploaded byvivekontheweb2036
- A Method of Designing Block Cipher Which Involves a Key Bunch Matrix with Polynomial Entries over F2Uploaded byInternational Organization of Scientific Research (IOSR)
- Public Key Infrastrucure-ThesisUploaded byMuhedin Abdullahi Mohamed
- EFF: CryptoUploaded byEFF
- ais6e-140607034514-phpapp01.pptUploaded byRafaelDelaCruz
- [IJCST-V5I1P19]:Veena S. Nair, Dhanya K. SudhishUploaded byEighthSenseGroup
- Approach to massage Authentication.pdfUploaded byV Nageswara Varma
- How PGP Works.Uploaded byc853534
- The New LTE Cryptographic Algorithms EEA3 and EIA3Uploaded byAchraf Chtibi
- IT5204-Information Systems SecurityUploaded bynuwantha