1 / 49

Unit -1

Unit -1. Triple DES. Triple DES. 3DES was first Standardized for use in financial application in ANSI standard X9.17 in 1985 3DES uses three keys and three executions of DES algorithm . The Function Follows (EDE) Encrypt – Decrypt – Encrypt. C= E(K 3 ,D(K 2 ,E(K 1 ,P))) WHERE

darice
Download Presentation

Unit -1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Unit -1

  2. Triple DES

  3. Triple DES • 3DES was first Standardized for use in financial application in ANSI standard X9.17 in 1985 • 3DES uses three keys and three executions of DES algorithm . • The Function Follows (EDE) • Encrypt – Decrypt – Encrypt NETWORK SECURITY BY: Homera Durani

  4. C= E(K 3,D(K2,E(K1,P))) • WHERE • C= cipher text • P = Palin text NETWORK SECURITY BY: Homera Durani

  5. NETWORK SECURITY BY: Homera Durani

  6. Decryption is simply the same operation with the key reversed • P=D(K1,E(K2,D(K3,C))) NETWORK SECURITY BY: Homera Durani

  7. The only advantage is that it allows users of 3DES to decrypt data encrypted by users • C=E(K1,D(K1,E(K1,P)))=E[K,P] • With three distinct key , 3DES has key length of 168 bits. NETWORK SECURITY BY: Homera Durani

  8. The following Guidelines for 3DES • 3DES is the FIPS approved symmetric encryption algorithm of choice. • Original DES uses 56- bit key, So new procurement should support 3DES • DES systems are encouraged to 3DES • 3DES and AES (Advanced Encryption standard ) will coexits. NETWORK SECURITY BY: Homera Durani

  9. Advanced Encryption Standard • The Principal drawback of 3DES is that algorithm is sluggish in software. • Original DEA was designed for 1970 • 3DES has three times rounds as DEA • Major draw back Both 3DES and DEA use 64-bit block size • Thus for long term use NIST , in 1997 call for proposals for Advanced Encryption Standard (AES), for security strength better than 3DES. NETWORK SECURITY BY: Homera Durani

  10. NIST specified that AES must be symmetric block cipher with block length of 128 bits and support key length of 128,192 and 256 bits. • In a first round 15 proposed algorithm were accepted. • Second Round 5 algorithm . • NIST completed its evaluation process and published final in November 2001. NETWORK SECURITY BY: Homera Durani

  11. NIST selected Rijndael as proposed AES algorithm • Two Researchers who developed and submitted Rijndael for AES are cryptographers from Belgium : • Dr. Joan Daemen • Dr. Vincent Rijmen. NETWORK SECURITY BY: Homera Durani

  12. Overview of the Algorithm • AES uses a block length of 128 bits and a key length of 128,192 or 256 bits. • This block is depicted as a square matrix of bytes. • The block is copied to STATE array which is modified at each stage of encryption or decryption . • Final Stage , State is Copied to Matrix NETWORK SECURITY BY: Homera Durani

  13. So, 128 bit key is depicted as a square matrix of bytes. • Therefore each word is four bytes and total key is 44 words for 128 – bit key. • Ordering of bytes within a matrix is by column NETWORK SECURITY BY: Homera Durani

  14. 4Transformations: • Substitute Bytes • Shift Rows • Mix Columns • Add Round Key NETWORK SECURITY BY: Homera Durani

  15. It is not Feistel Structure • Key Provided as input is expanded into an array of 44 , 32 bit words. • Four Different Stages are used and three of substitution • Substitute bytes • Shift rows • Mix Columns • Add Round key NETWORK SECURITY BY: Homera Durani

  16. It is quite Simple , Both Encryption and Decryption , cipher begins with an Add round Key stage, followed by nine rounds that each includes four stages , and tenth round of three stage. • Add Round only use key • Each stage is easily reversible. • Decryption algorithm make use of the expanded key in reverse order. NETWORK SECURITY BY: Homera Durani

  17. When all the four stages are reversible , it is easy to verify that decryption covers plain text. • Final round of both encryption and decryption consists of three stage. NETWORK SECURITY BY: Homera Durani

  18. 2.3 STREAM CIPHERS AND RC4

  19. A block cipher processes the input one block of elements at a time producing an output block for each input block. • Astream cipher processes the input elements continuously, producing output one element at a time, as it goes along. • The most popular is • Stream Cipher • RC4 NETWORK SECURITY BY: Homera Durani

  20. Stream Cipher Structure • Stream cipher encrypts plaintext one byte at a time , although stream cipher is designed to operate one bit at a time • In this structure a key is input to a pseudorandom bit generator that produces a stream of 8- bit numbers that are apparently random. • Stream is unpredictable without knowledge of the input key and which has a apparently random character. NETWORK SECURITY BY: Homera Durani

  21. The output of the generator , called a key stream , is combined one byte at a time with the plain text stream using the bitwise exclusive OR(XOR) operation. • Example • 11001100 plain text • ⊕ 01101100 key stream • ___________ • 10100000 ciphertext NETWORK SECURITY BY: Homera Durani

  22. Decryption requires use of the same sequence • 10100000 cipher text • ⊕01101100 key stream • ____________ • 11001100 plain text NETWORK SECURITY BY: Homera Durani

  23. Important Design for stream cipher • Encryption sequence should have a large period. • Key stream should have true random number stream • Output of the pseudorandom number generator is conditioned on the value of the input key. Advantage Stream cipher is always faster and use less code than block ciphers. NETWORK SECURITY BY: Homera Durani

  24. RC4 can be implemented in few lines code. • Advantage of block cipher is reuse of key • If two plaintext are encrypted with the same key using a stream cipher then cryptanalysis is often quite simple. NETWORK SECURITY BY: Homera Durani

  25. RC4 • RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security • It is variable key –size stream cipher with byte – oreinted operations. • Algorithm is based on use of random permutation • Analysis shows that cipher is greater than 10100. NETWORK SECURITY BY: Homera Durani

  26. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. • RC4 is used in the SSL/TLS (Secure Sockets Layer/ Transport Layer Security) standards that have been defined for communication between web browsers and servers. • Also used in WEP(Wired Equivalent privacy) protocol and in WIFI Protected Access(WPA) NETWORK SECURITY BY: Homera Durani

  27. Protocol that are part of IEEE 802.11 wireless LAN Standard. • RC4 was kept as a trade secret by RSA security. • In September 1994, RC4 algorithm was posted on the internet on the cypherpunks • RC4 is simple and quite easy to explain. • Its key length is 1 to 256 bytes ( 8 to 2048 bits) NETWORK SECURITY BY: Homera Durani

  28. Initialized to S with elements s[0],s[1]…s[255]. • For encryption and decryption byte k is generated from S by selecting one of the 255 entries in a systematic fashion. NETWORK SECURITY BY: Homera Durani

  29. Initialization of S • For i=0 to 255 do • S[i]=i; • T[i]=k[i mod keylen]; NETWORK SECURITY BY: Homera Durani

  30. Initial permutation of s • Swapping • J=0; • For i=0 to 255 do • J=(j + s[i] + T[i] ) mod 256; • Swap (s[i],s[j]); NETWORK SECURITY BY: Homera Durani

  31. Stream Generation • Stream Generation • I ,j,=0; • While (true) • i=(i+1) mod 256; • J=(j+ s[i] ) mod 256; • Swap (s [i], s[j] ); • T= (s [i] + s [j] ) mod 256; • K= s [t]; NETWORK SECURITY BY: Homera Durani

  32. Strength of RC4 • Number of paper have been published analyzing methods of attacking RC4 NETWORK SECURITY BY: Homera Durani

  33. CIPHER BLOCK MODES OF OPERATION

  34. CIPHER BLOCK MODES OF OPERATION • CHIPER BLOCK CHAINING MODE • CIPHER FEEDBACK MODE NETWORK SECURITY BY: Homera Durani

  35. ECB (Electronic code book) may not be secure, if the message is highly structured with the period of repetition of a multiple 64 bits. • To overcome the security deficiencies of ECB, technique in which same plain text block , if repeated , produces different cipher text blocks • Two common alternatives defined by FIPS PUB 81. NETWORK SECURITY BY: Homera Durani

  36. CHIPER BLOCK CHAINING MODE • CIPHER FEEDBACK MODE NETWORK SECURITY BY: Homera Durani

  37. Cipher Block Chaining Mode • CBC mode, the input to encryption algorithm is the XOR of the current plaintext block & preceding cipher text block. • Same key Is used for each block. • Here input to the encryption function for each plain text block bears no fixed relationship to the plain text block. • Thus 64 bits are not used. • Same way decryption , each cipher lock is passed through decryption algorithm. NETWORK SECURITY BY: Homera Durani

  38. NETWORK SECURITY BY: Homera Durani

  39. NETWORK SECURITY BY: Homera Durani

  40. Cipher Feedback Mode • Convert any block cipher into a stream cipher by using CFB mode. • It eliminates the need to pad a message to be integral number of blocks. • Also operate in real time. • If Character stream is transmitted , immediately using character-oriented stream cipher. • If 8 bit character are being transmitted , each character should be encrypted using 8 bits. NETWORK SECURITY BY: Homera Durani

  41. The unit of transmission is s bits. • A common value is s=8. • In CBC unit of plaintext are chained together , so that the cipher text of any plain text unit is a function of all preceding plaintext. • The input to the encryption function is a 64-bit shift register that is initially set to some initialization vector. • The left most s bits of the output of the encryption function are XORed with the first NETWORK SECURITY BY: Homera Durani

  42. Unit of cipher text C1, which is then transmitted. • Then shift register are shifted by s bits and C1 is placed in the right most. • This process continuous until all plaintext have been encrypted, • For decryption same scheme is except. NETWORK SECURITY BY: Homera Durani

  43. Location of encryption devices

  44. Link encryption: • A lot of encryption devices • High level of security • Decrypt each packet at every switch • End-to-end encryption • The source encrypt and the receiver decrypts • Payload encrypted • Header in the clear • High Security: Both link and end-to-end encryption are needed NETWORK SECURITY BY: Homera Durani

  45. NETWORK SECURITY BY: Homera Durani

  46. Key Distribution

  47. A key could be selected by A and physically delivered to B. • A third party could select the key and physically deliver it to A and B. • If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. • If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. NETWORK SECURITY BY: Homera Durani

  48. Session key: • Data encrypted with a one-time session key.At the conclusion of the session the key is destroyed • Permanent key: • Used between entities for the purpose of distributing session keys • Key Distribution center • KDC determines which systems are allowed to communicate with each other. When permission is granted for two systems to establish a connection, the key distribution provides one- time session. NETWORK SECURITY BY: Homera Durani

  49. Security service module(SSM) • This module , which may consist of functionality at one protocol layer , performs end- to- end encryption and obtains session keys on behalf of users. NETWORK SECURITY BY: Homera Durani

More Related