
INTRODUCTION OF SUBJECT

INFORMATION: Data can be defined as a representation of facts,
concepts or instructions in a formalized manner which should be
suitable for communication, interpretation, or processing by a
human or an electronic machine.

SYSTEM: A set of detailed methods, procedures and routines
created to carry out a specific activity, perform a duty, or
solve a problem.

SECURITY: In information technology, security is the protection
of information assets through the use of technology, processes,
and training.
INDEX

UNIT 1:- Introduction to security attacks

UNIT 2:- AES, RC6, random number generation

UNIT 3:- Public Key Cryptosystems

UNIT 4:- Message Authentication and Hash Function

UNIT 5:- Pretty Good Privacy, IP Security


UNIT 1-CONTENTS
1.1 Introduction to security attacks Services and mechanism
1.1.1 Security Attacks
1.1.2 Passive and Active Attacks
1.1.3 Passive Attack
1.1.4 Active Attack
1.1.5 Security Services
1.1.6 Basic Vocabulary of Encryption and Decryption
1.2 Classical encryption techniques
1.2.1 Substitution Technique
1.2.2 Transposition Techniques
1.3 Cryptanalysis, stream and block ciphers
1.3.1 Stream and Block Ciphers
1.4 Modern Block Ciphers: Block ciphers principals
1.4.1 Block Cipher Principles
1.4.2 Ideal Block Cipher
1.5 Shannon’s theory of confusion and diffusion
1.6 Feistel structure
1.6.1 Feistel Cipher Structure
1.6.2 Feistel Cipher
1.6.3 Design Features of Feistel Network
1.7 Data encryption standard(DES)
1.7.1 History
1.7.2 DES Design Controversy
1.7.3 DES Encryption
1.7.4 Initial Permutation IP
1.7.5 DES Round Structure
1.7.6 DES Round Structure
1.7.7 Substitution Boxes S
1.7.8 DES Key Schedule
1.7.9 DES Decryption
1.7.10 Avalanche Effect
1.7.11 Strength of DES – Key Size
1.7.12 Strength of DES – Timing Attacks
1.8 Differential and linear cryptanalysis of DES
1.8.1 Differential Cryptanalysis
1.8.2 Linear Cryptanalysis
1.9 Block cipher modes of operations.
1.9.1 Quick History
1.9.2 Modes of Operation Taxonomy
1.9.3 Technical Notes
1.9.4 Electronic Codebook (ECB)
1.9.5 ECB Scheme
1.9.6 Cipher Block Chaining (CBC)
1.9.7 CBC Scheme
1.9.8 Cipher FeedBack (CFB)
1.9.9 CFB Scheme
1.9.10 CFB Encryption/Decryption
1.9.11 CFB as a Stream Cipher
1.9.12 Output FeedBack (OFB)
1.9.13 OFB Scheme
1.9.14 OFB as a Stream Cipher
1.9.15 Counter (CTR)
1.9.16 CTR Scheme
1.9.17 OFB as a Stream Cipher
1.10 Triple Data Encryption Standard (Triple-DES)
1.10.1 Triple DES Algorithm
1.1 INTRODUCTION TO SECURITY ATTACKS, SERVICES
AND MECHANISMS

Three aspects of Information Security:

Security Attack: Any action that compromises the security of
information.

Security Mechanism: A mechanism that is designed to detect,
prevent or recover from a security attack.

Security Service: A service that enhances the security of data
processing systems and information transfers. A security service
makes use of one or more security mechanisms.
1.1.1 SECURITY ATTACKS
SECURITY ATTACKS
• Interruption: This is an attack on availability
• Interception: This is an attack on confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on authenticity

Security Attacks
Interruption: An asset of the system is destroyed or becomes
unavailable or unusable.
• This is an attack on availability.
Examples:
• Destroying some H/W (disk or wire)
• Disabling the file system.
• Swamping a computer with jobs or a communication link with packets.

Security Attacks
Interception: An unauthorized party gains access to an asset.
• This is an attack on confidentiality.
Examples:
• Wiretapping to capture data in a network.
• Illicitly copying data or programs.

Security Attacks
Modification: An unauthorized party gains access and tampers with
an asset.
• This is an attack on integrity.
Examples:
• Changing data files.
• Altering a program.
• Altering the contents of a message.

Security Attacks
Fabrication: An unauthorized party inserts a counterfeit object
into the system.
• This is an attack on authenticity.
Examples:
• Insertion of records in data files.
• Insertion of spurious messages in a network (message replay).
SECURITY ATTACKS
1.1.2 PASSIVE AND ACTIVE ATTACKS

Passive attacks
• No modification of content or fabrication
• Eavesdropping to learn contents or other information
  (transfer patterns, traffic flows etc.)

Active attacks
• Modification of content and/or participation in communication to
  • Impersonate legitimate parties
  • Modify the content in transit
  • Launch denial of service attacks

1.1.3 PASSIVE ATTACKS
PASSIVE ATTACKS
1.1.4 ACTIVE ATTACKS
ACTIVE ATTACKS
1.1.6 SECURITY SERVICES

• A security service is a service provided by the protocol layer
  of a communicating system (X.800)
• 5 Categories
  • Authentication
  • Access Control
  • Data confidentiality
  • Data Integrity
  • Nonrepudiation (and Availability)
1.1.7 Basic Vocabulary of Encryption and
Decryption
• Plaintext: This is what you want to encrypt
• Cipher text: The encrypted output
• Enciphering or encryption: The process by which plaintext is
  converted into cipher text
• Encryption algorithm: The sequence of data processing steps that
  go into transforming plaintext into cipher text. Various
  parameters used by an encryption algorithm are derived from a
  secret key.
• Secret key: A secret key is used to set some or all of the
  various parameters used by the encryption algorithm. The
  important thing to note is that, in classical cryptography, the
  same secret key is used for encryption and decryption.
• Deciphering or decryption: Recovering plaintext from cipher text
• Decryption algorithm: The sequence of data processing steps that
  go into transforming cipher text back into plaintext. In
  classical cryptography, the various parameters used by a
  decryption algorithm are derived from the same secret key that
  was used in the encryption algorithm.
• Cryptography: The many schemes available today for encryption
  and decryption
• Cryptographic system: Any single scheme for encryption and
  decryption.
• Cipher: A cipher means the same thing as a “cryptographic system”
• Block cipher: A block cipher processes a block of input data at a
  time and produces a cipher text block of the same size.
• Stream cipher: A stream cipher encrypts data on the fly, usually
  one byte at a time.
1.2 Classical Encryption Techniques
CLASSIFICATION OF ENCRYPTION TECHNIQUES

Encryption techniques are broadly classified into substitution
techniques and transposition techniques.
• Substitution - Substitution means replacing an element of the
  plaintext with an element of cipher text.
• Transposition - Transposition means rearranging the order of
  appearance of the elements of the plaintext.

1.2.1 Substitution Technique

Substitution ciphers encrypt plaintext by changing the plaintext
one piece at a time. The Caesar Cipher was an early substitution
cipher. In the Caesar Cipher, each character is shifted three
places up. Therefore, A becomes D and B becomes E, etc.
This table shows “VOYAGER” being encrypted with the Caesar
substitution cipher:

Plaintext   V   O   Y   A   G   E   R
Key        +3  +3  +3  +3  +3  +3  +3
Ciphertext  Y   R   B   D   J   H   U

A more complex substitution cipher would be created if, instead of
incrementing each character by three, we used a more complex key.
This table shows a simple substitution cipher with a key of “123”
(the shifts +1, +2, +3 are applied in turn and then repeated):

Plaintext   V   O   Y   A   G   E   R
Key        +1  +2  +3  +1  +2  +3  +1
Ciphertext  W   Q   B   B   I   H   S
1.2.2 Transposition Techniques
All the techniques examined so far involve the
substitution of a ciphertext symbol for a plaintext
symbol. A very different kind of mapping is
achieved by performing some sort of permutation
on the plaintext letters. This technique is referred to
as a transposition cipher.
The simplest such cipher is the rail fence technique,
in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of
rows. For example, to encipher the message "meet
me after the toga party" with a rail fence of depth 2,
we write the following:

m e m a t r h t g p r y
e t e f e t e o a a t

The encrypted message is
MEMATRHTGPRYETEFETEOAAT
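The substitution and transposition ciphers of 1.2.1 and 1.2.2, implemented as an added example (this is not code from the original notes): the Caesar shift, the repeating “123” key shift, and the depth-2 rail fence together with its decryption. The function names, and the generalization of the rail fence to any depth, are this example's own assumptions.

```python
def letters_only(text: str) -> list:
    """Keep only letters, upper-cased, as the classical ciphers do."""
    return [c for c in text.upper() if c.isalpha()]


def shift_char(ch: str, k: int) -> str:
    """Shift one uppercase letter k places through the alphabet, wrapping Z to A."""
    return chr((ord(ch) - ord("A") + k) % 26 + ord("A"))


def periodic_shift(plaintext: str, key: str) -> str:
    """Shift the i-th letter by the i-th key digit, cycling through the key.
    With a one-digit key this is the Caesar cipher; with "123" it is the
    second table of 1.2.1."""
    shifts = [int(d) for d in key]
    return "".join(shift_char(c, shifts[i % len(shifts)])
                   for i, c in enumerate(letters_only(plaintext)))


def periodic_unshift(ciphertext: str, key: str) -> str:
    """Inverse of periodic_shift: apply the negative shifts."""
    shifts = [int(d) for d in key]
    return "".join(shift_char(c, -shifts[i % len(shifts)])
                   for i, c in enumerate(letters_only(ciphertext)))


def caesar(plaintext: str, shift: int = 3) -> str:
    return periodic_shift(plaintext, str(shift))


def rail_pattern(n: int, depth: int) -> list:
    """Row index of each of n letters as they zigzag down and back up the rails."""
    rows, row, step = [], 0, 1
    for _ in range(n):
        rows.append(row)
        if depth > 1:
            if row == 0:
                step = 1
            elif row == depth - 1:
                step = -1
            row += step
    return rows


def rail_fence_encrypt(plaintext: str, depth: int = 2) -> str:
    """Write the letters along the diagonals, then read the rows off in order."""
    letters = letters_only(plaintext)
    rows = rail_pattern(len(letters), depth)
    return "".join(c for r in range(depth)
                   for c, row in zip(letters, rows) if row == r)


def rail_fence_decrypt(ciphertext: str, depth: int = 2) -> str:
    """Recompute the zigzag for the message length, cut the ciphertext into
    rails of the right sizes, then take letters from the rails in zigzag order."""
    rows = rail_pattern(len(ciphertext), depth)
    rails, pos = [], 0
    for r in range(depth):
        n = rows.count(r)
        rails.append(list(ciphertext[pos:pos + n]))
        pos += n
    return "".join(rails[r].pop(0) for r in rows)


if __name__ == "__main__":
    print(caesar("VOYAGER"), periodic_shift("VOYAGER", "123"))
    print(rail_fence_encrypt("meet me after the toga party"))
```

Both substitution ciphers keep the letter positions and only change the letters, so letter-frequency statistics of the plaintext survive in the ciphertext; the rail fence keeps the letters and only changes the positions. That is why classical cryptanalysis treats the two families with different tools, and why modern ciphers (1.4 onwards) combine both operations.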
1.3 Cryptanalysis, Stream and Block
Ciphers

Cryptanalysis:- Cryptanalysis is the study of analyzing
information systems in order to study the hidden aspects of the
systems. Cryptanalysis is used to breach cryptographic security
systems and gain access to the contents of encrypted messages,
even if the cryptographic key is unknown.
1.3.1 Stream and Block Ciphers
Idea of a block cipher: Partition the text into relatively large
(e.g. 128 bits) blocks and encode each block separately. The
encoding of each block generally depends on at most one of the
previous blocks.
• the same “key” is used at each block.
Idea of a stream cipher: Partition the text into small (e.g. 1 bit)
blocks and let the encoding of each block depend on many previous
blocks.
• for each block, a different “key” is generated.
1.4 Modern Block Ciphers

• Now look at modern block ciphers
• One of the most widely used types of cryptographic algorithms
• Provide secrecy / authentication services
• Focus on DES (Data Encryption Standard)
• To illustrate block cipher design principles
MODERN BLOCK CIPHERS

A symmetric-key modern block cipher encrypts an n-bit block of
plaintext or decrypts an n-bit block of cipher text. The encryption
or decryption algorithm uses a k-bit key. The common values for n
are 64, 128, 256 and 512 bits.
1.4.1 BLOCK CIPHER PRINCIPLES

• Most symmetric block ciphers are based on a Feistel Cipher
  Structure
• Needed since must be able to decrypt cipher text to recover
  messages efficiently
• Block ciphers look like an extremely large substitution
• Would need a table of 2^64 entries for a 64-bit block
• Instead create from smaller building blocks
• Using idea of a product cipher
1.4.2 IDEAL BLOCK CIPHER
(Figure: an ideal block cipher shown as a permutation of the block values)
1.5 SHANNON’S THEORY OF CONFUSION
AND DIFFUSION

• Claude Shannon suggested that to complicate statistical attacks,
  the cryptographer could dissipate the statistical structure of
  the plaintext in the long range statistics of the ciphertext.
• Shannon called this process diffusion.
• Diffusion complicates the statistics of the cipher text, and
  makes it difficult to discover the key of the encryption process.
• The process of confusion makes the use of the key so complex that
  even when an attacker knows the statistics, it is still difficult
  to deduce the key.
• Confusion can be accomplished by using a complex substitution
  algorithm.
• Block ciphers, such as the Data Encryption Standard, make use of
  substitution operations.
1.6 FEISTEL STRUCTURE

• Horst Feistel devised the Feistel cipher
  • based on concept of invertible product cipher
• Partitions input block into two halves
  • process through multiple rounds which
  • perform a substitution on left data half
  • based on round function of right half & subkey
  • then have permutation swapping halves
• Implements Shannon’s S-P net concept
1.6.1 FEISTEL CIPHER STRUCTURE
1.6.2 FEISTEL CIPHER

Feistel Cipher is not a specific scheme of block cipher. It is a
design model from which many different block ciphers are derived.
DES is just one example of a Feistel Cipher. A cryptographic system
based on the Feistel cipher structure uses the same algorithm for
both encryption and decryption.
Encryption Process
The encryption process uses the Feistel structure consisting of
multiple rounds of processing of the plaintext, each round
consisting of a “substitution” step followed by a permutation step.
1.6.3 DESIGN FEATURES OF FEISTEL NETWORK
• Block Size: (larger block means greater security) 64 bits.
• Key Size: 56-128 bits.
• Number of Rounds: a single round offers inadequate security; a
  typical size is 16 rounds.
• Sub-key Generation Algorithm: greater complexity should lead to a
  greater difficulty of cryptanalysis.
• Round function: Again, greater complexity generally means greater
  resistance to cryptanalysis.
• Fast Software Encryption/Decryption: the speed of execution of
  the algorithm is important.
• Ease of Analysis: to be able to develop a higher level of
  assurance as to its strength.
• Decryption: use the same algorithm with reversed keys.
1.7 DATA ENCRYPTION STANDARD(DES)

Outline
• History
• Encryption
• Key Generation
• Decryption
• Strength of DES
• Ultimate
1.7.1 HISTORY
In 1971, IBM developed an algorithm, named LUCIFER, which operates
on a block of 64 bits, using a 128-bit key.
Walter Tuchman, an IBM researcher, refined LUCIFER and reduced the
key size to 56 bits, to fit on a chip.
In 1977, the result of Tuchman’s project at IBM was adopted as the
Data Encryption Standard by NSA (NIST).
1.7.2 DES Design Controversy

• Although DES standard is public
• Was considerable controversy over design
  • in choice of 56-bit key (vs Lucifer 128-bit)
  • and because design criteria were classified
• Subsequent events and public analysis show in fact design was
  appropriate
• DES has become widely used, especially in financial applications
1.7.3 DES Encryption
1.7.4 Initial Permutation IP

• First step of the data computation
• IP reorders the input data bits
• Even bits to LH half, odd bits to RH half
• Quite regular in structure (easy in h/w)
• See text Table 3.2
• Example:
    IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
1.7.5 DES Round Structure
• Uses two 32-bit L & R halves
• As for any Feistel cipher can describe as:
    L_i = R_{i-1}
    R_i = L_{i-1} XOR F(R_{i-1}, K_i)
• Takes 32-bit R half and 48-bit subkey and:
  • Expands R to 48 bits using permutation E
  • XORs the result with the subkey
  • Passes through 8 S-boxes to get 32-bit result
  • Finally permutes this using 32-bit permutation P
1.7.6 DES Round Structure
1.7.7 Substitution Boxes S
• Have eight S-boxes which map 6 to 4 bits
• Each S-box is actually 4 little 4-bit boxes
  • outer bits 1 & 6 (row bits) select one row
  • inner bits 2-5 (col bits) are substituted
  • result is 8 lots of 4 bits, or 32 bits
• Row selection depends on both data & key
  • feature known as autoclaving (autokeying)
• Example:
    S(18 09 12 3d 11 17 38 39) = 5fd25e03
1.7.8 DES Key Schedule

Forms subkeys used in each round
Consists of:
- initial permutation of the key (PC1) which selects 56 bits in
  two 28-bit halves
- 16 stages consisting of:
  • selecting 24 bits from each half
  • permuting them by PC2 for use in function f,
  • rotating each half separately either 1 or 2 places depending
    on the key rotation schedule K
1.7.9 DES Decryption
• Decrypt must unwind steps of data computation
• With Feistel design, do encryption steps again
• Using subkeys in reverse order (SK16 … SK1)
• Note that IP undoes final FP step of encryption
• 1st round with SK16 undoes 16th encrypt round
• ….
• 16th round with SK1 undoes 1st encrypt round
• Then final FP undoes initial encryption IP
• Thus recovering original data value
1.7.10 Avalanche Effect

• Key desirable property of encryption algorithm
• Where a change of one input or key bit results in changing
  approx half output bits
• Making attempts to “home-in” by guessing keys impossible
• DES exhibits strong avalanche
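To tie together 1.6 (Feistel structure), 1.7.9 (decryption as encryption with reversed subkeys) and 1.7.10 (avalanche), here is an added example of a 64-bit, 16-round Feistel network. It is not DES and not code from these notes: the round function F and the key schedule are constructed from SHA-256 purely so the example runs, and every name in it is this example's own. It shows that the decryption routine is the encryption routine fed the subkeys in reverse order, and it counts how many ciphertext bits change when a single plaintext bit is flipped.

```python
import hashlib

HALF = 4        # 32-bit halves, so a 64-bit block as in DES
ROUNDS = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(right: bytes, subkey: bytes) -> bytes:
    """F(R, K). A Feistel network never inverts F, so any keyed function will do.
    Assumption for this example (not DES's E / S-box / P function): SHA-256 of
    R||K truncated to 32 bits."""
    return hashlib.sha256(right + subkey).digest()[:HALF]


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """One 48-bit subkey per round. Constructed schedule for this example;
    DES derives its subkeys with PC1, rotations and PC2 instead."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]


def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the rounds  L_i = R_{i-1},  R_i = L_{i-1} XOR F(R_{i-1}, K_i).
    The halves are swapped back after the last round (DES does the same before
    its final permutation); that is what makes this routine, run with the
    subkeys reversed, an exact inverse of itself."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left


def encrypt(block: bytes, key: bytes, rounds: int = ROUNDS) -> bytes:
    return feistel(block, key_schedule(key, rounds))


def decrypt(block: bytes, key: bytes, rounds: int = ROUNDS) -> bytes:
    # Same algorithm, subkeys SK_n ... SK_1 (cf. 1.7.9)
    return feistel(block, key_schedule(key, rounds)[::-1])


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(block: bytes, key: bytes, bit: int, rounds: int = ROUNDS) -> int:
    """Flip one plaintext bit and count how many of the 64 ciphertext bits change.
    A good cipher changes about half of them; after a single round a flip in the
    left half shows up as exactly that one bit, because L_0 is only XORed once."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return hamming(encrypt(block, key, rounds), encrypt(bytes(flipped), key, rounds))


def mean_avalanche(block: bytes, key: bytes, rounds: int = ROUNDS) -> float:
    """Average avalanche over every one of the 64 plaintext bit positions."""
    nbits = 8 * 2 * HALF
    return sum(avalanche(block, key, b, rounds) for b in range(nbits)) / nbits


if __name__ == "__main__":
    key = b"constructed-key"
    pt = bytes.fromhex("675a69675e5a6b5a")   # the 64-bit value used in the IP example
    ct = encrypt(pt, key)
    print(ct.hex(), decrypt(ct, key) == pt)
    print("1 round:", avalanche(pt, key, 0, rounds=1), "bits;",
          "16 rounds:", mean_avalanche(pt, key), "bits on average")
```

The avalanche numbers make the "number of rounds" design feature of 1.6.3 concrete: one round of any Feistel cipher moves a single-bit change through unchanged, and only repeated rounds spread it across the whole block.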
1.7.11 Strength of DES – Key Size

• 56-bit keys have 2^56 = 7.2 x 10^16 values
• Brute force search looks hard
• Recent advances have shown it is possible
  • In 1997 on Internet in a few months
  • In 1998 on dedicated h/w (EFF) in a few days
  • In 1999 above combined in 22 hrs!
• Still must be able to recognize plaintext
• Now considering alternatives to DES
1.7.12 Strength of DES – Timing Attacks

• Attacks actual implementation of cipher
• Use knowledge of consequences of implementation to derive
  knowledge of some/all subkey bits
• Specifically use fact that calculations can take varying times
  depending on the value of the inputs to it
• Particularly problematic on smartcards
1.8 Differential and Linear Cryptanalysis

Differential Cryptanalysis: However, if one is fortunate enough to
have a large quantity of corresponding plaintext and ciphertext
blocks for a particular unknown key, a technique called
differential cryptanalysis.

Linear Cryptanalysis: Linear cryptanalysis, invented by Mitsuru
Matsui, is a different, but related technique. Instead of looking
for isolated points at which a block cipher behaves like something
simpler, it involves trying to create a simpler approximation to
the block cipher as a whole.
1.8.1 Differential Cryptanalysis
• A statistical attack against Feistel ciphers
• Uses cipher structure not previously used
• Design of S-P networks has output of function f influenced by
  both input & key
• Hence cannot trace values back through cipher without knowing
  the value of the key
• Differential cryptanalysis compares two related pairs of
  encryptions (differential)

Differential Cryptanalysis
• Have some input difference giving some output difference with
  probability p
• If find instances of some higher probability input / output
  difference pairs occurring
• Can infer subkey that was used in round
• Then must iterate process over many rounds (with decreasing
  probabilities)

Differential Cryptanalysis
(Figure: a difference propagating from the input of round i to the
input of round i+1; the overall probability of the given output
difference is (0.25)(1.0)(0.25) = 0.0625)

Differential Cryptanalysis
• Perform attack by repeatedly encrypting plaintext pairs with
  known input XOR until obtain desired output XOR
• When found, assume intermediate deltas match
  • if intermediate rounds match required XOR have a right pair
  • if not then have a wrong pair; relative ratio is S/N for attack
• Can then deduce key values for the rounds
  • right pairs suggest same key bits
  • wrong pairs give random values
• For large numbers of rounds, probability is so low that more
  pairs are required than exist with 64-bit inputs
1.8.2 Linear Cryptanalysis
• Another fairly recent development
• Also a statistical method
• Must be iterated over rounds, with decreasing probabilities
• Developed by Matsui et al in early 90's
• Based on finding linear approximations
• Can attack DES with 2^43 known plaintexts, easier but still in
  practice infeasible

Linear Cryptanalysis
• Find linear approximations with prob p != ½
    P[i1,i2,...,ia] XOR C[j1,j2,...,jb] = K[k1,k2,...,kc]
  where ia,jb,kc are bit locations in P,C,K
• Gives linear equation for key bits
• Get one key bit using max likelihood alg
• Using a large number of trial encryptions
• Effectiveness given by: |p–1/2|
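The tools behind 1.8.1 and 1.8.2 are two tables computed from an S-box: the difference distribution table (how often an input XOR dx produces an output XOR dy) and the linear approximation table (how often a parity of input bits equals a parity of output bits, whose deviation from 1/2 is the bias |p - 1/2|). As an added example that is not from these notes, the code below builds both tables for a constructed 4-bit S-box (the one from Heys' tutorial, used here as an assumption in place of a DES 6-to-4-bit S-box), picks out the most probable differential and the largest bias, and chains per-round probabilities the way the (0.25)(1.0)(0.25) = 0.0625 figure does. The same tables are what a cipher designer checks to make sure no high-probability differential or strongly biased linear approximation exists.

```python
# Constructed 4-bit S-box (Heys' tutorial S-box); stands in for a DES S-box here.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
N = 16  # number of possible 4-bit inputs


def parity(x: int) -> int:
    """XOR of all bits of x (used for the bitwise inner product a.x)."""
    return bin(x).count("1") & 1


def difference_table(sbox: list) -> list:
    """DDT[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy.
    The differential (dx -> dy) holds with probability DDT[dx][dy] / 16;
    high entries are what differential cryptanalysis exploits."""
    ddt = [[0] * N for _ in range(N)]
    for x in range(N):
        for dx in range(N):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def linear_table(sbox: list) -> list:
    """LAT[a][b] = number of inputs x for which a.x XOR b.S(x) == 0.
    The approximation 'a.x = b.S(x)' holds with probability p = LAT[a][b] / 16
    and has bias p - 1/2; an approximation is only useful when the bias is not 0."""
    lat = [[0] * N for _ in range(N)]
    for a in range(N):
        for b in range(N):
            lat[a][b] = sum(1 for x in range(N)
                            if parity(a & x) ^ parity(b & sbox[x]) == 0)
    return lat


def best_differential(sbox: list) -> tuple:
    """Most probable non-trivial differential as (dx, dy, probability)."""
    ddt = difference_table(sbox)
    dx, dy = max(((i, j) for i in range(1, N) for j in range(N)),
                 key=lambda p: ddt[p[0]][p[1]])
    return dx, dy, ddt[dx][dy] / N


def best_linear_bias(sbox: list) -> tuple:
    """Linear approximation with the largest |p - 1/2| over a != 0, b != 0."""
    lat = linear_table(sbox)
    a, b = max(((i, j) for i in range(1, N) for j in range(1, N)),
               key=lambda p: abs(lat[p[0]][p[1]] / N - 0.5))
    return a, b, lat[a][b] / N - 0.5


def characteristic_probability(round_probs: list) -> float:
    """Probability of a multi-round characteristic, multiplying the per-round
    probabilities as in the notes' (0.25)(1.0)(0.25) = 0.0625 example. This
    assumes the rounds behave independently, which is the usual approximation."""
    p = 1.0
    for q in round_probs:
        p *= q
    return p


if __name__ == "__main__":
    dx, dy, prob = best_differential(SBOX)
    print("best differential: %x -> %x with probability %.4f" % (dx, dy, prob))
    a, b, bias = best_linear_bias(SBOX)
    print("best linear approximation: a=%x b=%x bias %+.4f" % (a, b, bias))
    print("3-round characteristic:", characteristic_probability([0.25, 1.0, 0.25]))
```

Two properties of these tables are worth knowing when reading them: every DDT entry is even (x and x XOR dx always form a pair), and for a bijective S-box every row and column of the LAT other than (0,0) has the balanced value 8 whenever a = 0 or b = 0, so only entries with both a and b non-zero say anything about the cipher's resistance.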
1.9 Block cipher modes of operations
Modes of Operation
Block ciphers encrypt fixed size blocks
• e.g. DES encrypts 64-bit blocks, with 56-bit key
Need a way to use them in practice, given that there is usually an
arbitrary amount of information to encrypt
• Partition the message into separate blocks for ciphering
A mode of operation describes the process of encrypting each of
these blocks under a single key
Some modes may use a randomized additional input value

1.9.1 Quick History
1981  Early modes of operation: ECB, CBC, CFB, OFB
      (DES Modes of Operation)
2001  Revised, including CTR mode and AES
      (Recommendation for Block Cipher Modes of Operation)
2010  New mode: XTS-AES
      (Recommendation for Block Cipher Modes of Operation: The
      XTS-AES Mode for Confidentiality on Storage Devices)
1.9.2 Modes of Operation Taxonomy
Current well-known modes of operation
1.9.3 Technical Notes
Initialization Vector (IV)
• a block of bits used to randomize the encryption and hence to
  produce distinct ciphertext
Nonce : Number (used) Once
• Random or pseudorandom number to ensure that past
  communications cannot be reused in replay attacks
• Some also refer to the initialization vector as a nonce
Padding
• the final block may require padding to fit the block size
• Methods:
  • Add null bytes
  • Add 0x80 and then as many 0x00 bytes as needed
  • Add n bytes with value n
1.9.4 Electronic Codebook (ECB)
The message is broken into independent blocks which are encrypted.
Each block is a value which is substituted, like a codebook, hence
the name.
Each block is encoded independently of the other blocks:
    Ci = EK (Pi)
Uses: secure transmission of single values
1.9.5 ECB Scheme
1.9.6 Cipher Block Chaining (CBC)
Solves the security deficiency in ECB: repeated plaintext blocks
result in different ciphertext blocks.
Each previous cipher block is chained in as input with the current
plaintext block, hence the name.
Uses an Initial Vector (IV) to start the process:
    Ci = EK (Pi XOR Ci-1)
    C0 = IV
Uses: bulk data encryption, authentication

1.9.7 CBC Scheme
1.9.8 Cipher FeedBack (CFB)
Uses an Initial Vector to start the process.
The previous ciphertext is encrypted, then combined with the
plaintext block using XOR to produce the current ciphertext.
The cipher is fed back (hence the name) to concatenate with the
rest of the IV.
Plaintext is treated as a stream of bits
• Any number of bits (1, 8 or 64 or whatever) can be fed back
  (denoted CFB-1, CFB-8, CFB-64)
Relation between plaintext and ciphertext:
    Ci = Pi XOR SelectLeft(EK (ShiftLeft(Ci-1)))
    C0 = IV
Uses: stream data encryption, authentication
1.9.9 CFB Scheme
1.9.10 CFB Encryption/Decryption
1.9.11 CFB as a Stream Cipher
In CFB mode, encipherment and decipherment use the encryption
function of the underlying block cipher.
1.9.12 Output FeedBack (OFB)
• Very similar to CFB
• But the output of the encryption function is fed back (hence the
  name), instead of the ciphertext
• Feedback is independent of the message
• Relation between plaintext and ciphertext:
    Ci = Pi XOR Oi
    Oi = EK (Oi-1)
    O0 = IV
• Uses: stream encryption over noisy channels
1.9.13 OFB Scheme
1.9.14 OFB as a Stream Cipher
In OFB mode, encipherment and decipherment use the
encryption function of the underlying block cipher.
1.9.15 Counter (CTR)
Encrypts a counter value with the key rather than any feedback
value (no feedback)
The counter for each plaintext block will be different
• it can be any function which produces a sequence which is
  guaranteed not to repeat for a long time
Relation:
    Ci = Pi XOR Oi
    Oi = EK (i)
Uses: high-speed network encryption



1.9.16 CTR Scheme
1.9.17 OFB as a Stream Cipher
1.10 Triple Data Encryption Standard
(Triple-DES)
Triple DES is based on the DES algorithm, therefore it is very easy
to modify existing software to use Triple DES. It also has the
advantage of proven reliability and a longer key length that
eliminates many of the attacks that can be used to reduce the
amount of time it takes to break DES. However, even this more
powerful version of DES may not be strong enough to protect data
for very much longer. As such, the DES algorithm itself has become
obsolete and is no longer used.
1.10.1 Triple DES Algorithm
Before using 3TDES, the user first generates and distributes a
3TDES key K, which consists of three different DES keys K1, K2 and
K3. This means that the actual 3TDES key has length 3×56 = 168
bits. The encryption scheme is illustrated as follows:
Triple DES Algorithm
The encryption-decryption process is as follows:
1. Encrypt the plaintext blocks using single DES with key K1.
2. Now decrypt the output of step 1 using single DES with key K2.
3. Finally, encrypt the output of step 2 using single DES with key K3.
The output of step 3 is the ciphertext.
Decryption of a ciphertext is the reverse process. The user first
decrypts using K3, then encrypts with K2, and finally decrypts with
K1.
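The five modes of 1.9 and the EDE construction of 1.10.1, as an added example that is not code from these notes. The Python standard library has no DES, so the block cipher underneath is a constructed 16-bit codebook: the ideal block cipher of 1.4.2 built literally as a key-seeded permutation table of all 2^16 block values (the table that is impossible at 64 bits is trivial at 16). It is not secure and exists only so that the modes can run. Padding is the "n bytes with value n" method from 1.9.3, and every name below is this example's own. The function ecb_versus_cbc shows the ECB deficiency that the CBC section refers to: eight identical plaintext blocks produce one repeated ciphertext block under ECB but distinct blocks under CBC.

```python
import random

BLOCK = 2  # 16-bit blocks (assumption): small enough to tabulate the whole codebook


def make_codebook(key: bytes) -> tuple:
    """Key-selected permutation of all 2^16 block values and its inverse.
    Constructed toy cipher, not cryptographically secure."""
    perm = list(range(1 << (8 * BLOCK)))
    random.Random(key).shuffle(perm)
    inv = [0] * len(perm)
    for i, v in enumerate(perm):
        inv[v] = i
    return perm, inv


def enc_block(cb, b: bytes) -> bytes:
    return cb[0][int.from_bytes(b, "big")].to_bytes(BLOCK, "big")


def dec_block(cb, b: bytes) -> bytes:
    return cb[1][int.from_bytes(b, "big")].to_bytes(BLOCK, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(msg: bytes) -> bytes:
    """'Add n bytes with value n' (1.9.3); always adds at least one byte."""
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n


def unpad(msg: bytes) -> bytes:
    n = msg[-1] if msg else 0
    if not 1 <= n <= BLOCK or msg[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return msg[:-n]


# ECB: C_i = E_K(P_i); equal plaintext blocks give equal ciphertext blocks
def ecb_encrypt(cb, pt: bytes) -> bytes:
    return b"".join(enc_block(cb, p) for p in blocks(pad(pt)))


def ecb_decrypt(cb, ct: bytes) -> bytes:
    return unpad(b"".join(dec_block(cb, c) for c in blocks(ct)))


# CBC: C_i = E_K(P_i XOR C_{i-1}), C_0 = IV
def cbc_encrypt(cb, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for p in blocks(pad(pt)):
        prev = enc_block(cb, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(cb, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(dec_block(cb, c), prev))
        prev = c
    return unpad(b"".join(out))


# CFB (full-block feedback): C_i = P_i XOR E_K(C_{i-1}); only E_K is ever used
def cfb_crypt(cb, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    out, prev = [], iv
    for d in blocks(data):
        c = xor(d, enc_block(cb, prev))
        out.append(c)
        prev = d if decrypt else c  # the ciphertext block is what gets fed back
    return b"".join(out)


# OFB: O_i = E_K(O_{i-1}), C_i = P_i XOR O_i; the keystream ignores the message
def ofb_crypt(cb, iv: bytes, data: bytes) -> bytes:
    out, o = [], iv
    for d in blocks(data):
        o = enc_block(cb, o)
        out.append(xor(d, o))
    return b"".join(out)


# CTR: O_i = E_K(nonce + i), C_i = P_i XOR O_i; no feedback, blocks are independent
def ctr_crypt(cb, nonce: int, data: bytes) -> bytes:
    out = []
    for i, d in enumerate(blocks(data)):
        counter = ((nonce + i) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")
        out.append(xor(d, enc_block(cb, counter)))
    return b"".join(out)


def ecb_versus_cbc(cb, iv: bytes, pt: bytes = b"AB" * 8) -> tuple:
    """Distinct ciphertext blocks produced by 8 identical plaintext blocks."""
    return (len(set(blocks(ecb_encrypt(cb, pt))[:8])),
            len(set(blocks(cbc_encrypt(cb, iv, pt))[:8])))


# Triple DES EDE (1.10.1) on the toy cipher: C = E_K3(D_K2(E_K1(P)));
# with K1 = K2 = K3 it reduces to single encryption, which is why old
# single-key software can interoperate with it.
def ede_encrypt(k1, k2, k3, b: bytes) -> bytes:
    return enc_block(k3, dec_block(k2, enc_block(k1, b)))


def ede_decrypt(k1, k2, k3, b: bytes) -> bytes:
    return dec_block(k1, enc_block(k2, dec_block(k3, b)))
```

CFB, OFB and CTR never call the decryption direction of the block cipher and need no padding, which is the sense in which 1.9.11 and 1.9.14 call them stream ciphers; ECB and CBC do need both directions and a padded final block.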
CONCLUSION
We start our description of security in distributed systems by
taking a look at some general security issues. First, it is
necessary to define what a secure system is. We distinguish
security policies from security mechanisms, and take a look at the
Globus wide-area system for which a security policy has been
explicitly formulated. Our second concern is to consider some
general design issues for secure systems. Finally, we briefly
discuss some cryptographic algorithms, which play a key role in
the design of security protocols.
