1 / 192

Information and Network Security B.E. Semester VII (CE/IT)

Information and Network Security B.E. Semester VII (CE/IT). Text: CRYPTOGRAPHY AND NETWORK SECURITY – Principles and Practice by William Stallings. Hiren B Patel. CONVENTIONAL ENCRYPTION: CLASSICAL TECHNIQUES. Home. MODEL OF CONVENTIONAL ENVRYPTION. Home.

josephk
Download Presentation

Information and Network Security B.E. Semester VII (CE/IT)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information and Network Security B.E. Semester VII (CE/IT) Text: CRYPTOGRAPHY AND NETWORK SECURITY – Principles and Practice by William Stallings Hiren B Patel

  2. CONVENTIONAL ENCRYPTION: CLASSICAL TECHNIQUES Home

  3. MODEL OF CONVENTIONAL ENVRYPTION Home

  4. MODEL OF CONVENTIONAL CRYPTOSYSTEM Home

  5. CRYPTOGRAPHY • Types of operations used for transforming plaintext to ciphertext. • Substitution • Transposition • Number of keys used. • Symmetric/Single key/Secret key/Conventional • Asymmetric/Two key/public key • The way in which the plaintext is processed. • Block Cipher • Stream Cipher Home

  6. CLASSICAL ENCRYPTION TECHNIQUES Home

  7. CRYPTANALYSIS • It is the study of methods for obtaining the meaning of encrypted information, without access to the secret information. • It includes methods and techniques of recovering information from encrypted material without knowledge of the key. • Someone who performs cryptanalysis is called a cryptanalyst. Home

  8. TYPES OF ATTACKS ON ENCRYPTED MESSAGES Home

  9. Classical Encryption Techniques • Caesar Cipher • Playfair Cipher • Hill Cipher • Rotor Machines Home

  10. Caesar Cipher – Substitution Cipher Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC Home

  11. Caesar Cipher - Example Plaintext: the quick brown fox jumps over the lazy dog Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ Encryption: En(X) = (X + n) mod 26 Decryption: Dn(X) = (X – n) mod 26 Home

  12. Caesar Cipher – Breaking the Code The Caesar cipher can be easily broken even in a ciphertext-only scenario. Since there are only a limited number of possible shifts (26 in English), they can each be tested in turn in a brute force attack. A brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities. Have some fun on: http://www.secretcodebreaker.com/caesar.html Home

  13. Playfair Cipher The Playfair cipher uses a 5 X 5 (also 6 X 6) table containing a key word or phrase. For example, Using "playfair example" as the key, the table becomes P L A Y F I R E X M B C D G H J K N O S T U V W Z Encrypting the message "Hide the gold in the tree stump": HI DE TH EG OL DI NT HE TR EX ES TU MP Encrypted Message BM ND ZB XD KY BE JV DM UI XM MN UV IF Home

  14. Playfair Cipher Home

  15. Hill Cipher Each letter is first encoded as a number. Often the simplest scheme is used: A = 0, B =1, ..., Z=25. This algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. For m=3, the system can be described as below. C1 = (k11p1 + k12p2 + k13p3) mod 26 C2 = (k21p1 + k22p2 + k23p3) mod 26 C4 = (k31p1 + k32p2 + k33p3) mod 26 Home

  16. Hill Cipher - Encryption Home

  17. Hill Cipher - Decryption In order to decrypt, we turn the ciphertext back into a vector, then simply multiply by the inverse matrix of the key matrix (IFKVIVVMI in letters). Home

  18. Steganography Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos (στεγανός) meaning "covered or protected", and graphein (γράφειν) meaning "to write". Home

  19. Steganography Vs. Cryptography The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Home

  20. Steganography Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. Home

  21. Steganography: Example Steganart example: Within this picture, the letter positions of a hidden message are represented by increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance, the first letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of the message seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the alphabet. Home

  22. CONVENTIONAL ENCRYPTION: MODERN TECHNIQUES Home

  23. SIMPLIFIED DES IP: Initial Permutation fk: A Complex Function (which involved both substitution and permutation) SW: Switch the data into two halves IP-1: The inverse of IP P: Permutation Ciphertext = IP-1(fk2(SW(fk1(IP(plaintext))))) k1=P8(Shift(P10(key))) k2=P8(Shift(Shift(P10(key)))) Plaintext = IP-1(fk1(SW(fk2(IP(ciphertext))))) Home

  24. BLOCK CIPHER PRINCIPLES • Stream Ciphers and Block Ciphers • Stream cipher: one bit or byte at a time • Block cipher: a large block, typically 64 or 128 bits, at a time • Block ciphers work on a block at a time, which is some number of bits. All of these bits have to be available before they can be processed • Broader range of applications than stream ciphers • Large block thwarts statistical attacks Home

  25. BLOCK CIPHER PRINCIPLES • Motivation for the Feistel Cipher Structure • What is the most general form of block cipher? • For n-bit block, consider the transformation, F: 2n 2n • F must be reversible, i.e., 1-1 correspondence • (Ideal block cipher) 2n! mappings  mapping itself is a key  key size = O(n  2n) bits • 64-bit block  270  1021 bits key  Not practical  Need approximation (k-bit key, 2k possible mappings) Home

  26. Ideal Block Cipher Home

  27. Motivation for Feistel Cipher Structure • In 1949, Claude Shannon introduced the idea of substitution-permutation (S-P) networks which form the basis of modern block ciphers Home

  28. Motivation for Feistel Cipher Structure • S-P network: a special form of substitution-transposition product cipher • Product cipher • Two or more simple ciphers are performed in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers • Feistel cipher • In 1970’s, Horst Feistel (IBM T.J. Watson Research Labs) invented a suitable (practical) structure which adapted Shannon’s S-P network • Encryption and decryption use the same structure Home

  29. Feistel Cipher Structure  • Input block is partitioned into two halves, Li-1 and Ri-1 • In round i, Li = Ri-1 Ri = Li-1  F(Ki,Ri-1) • Substitution followed by permutation • Multiple rounds • An Implementation of Shannon’s S-P network (SPN) concept   Home

  30. Feistel Cipher Design Elements • Block size • Increasing size improves security, but slows cipher • Key size • Increasing size improves security, makes exhaustive key searching harder, but may slow cipher • Number of rounds • Increasing number improves security, but slows cipher • Subkey generation algorithm • Greater complexity can make analysis harder, but slows cipher • Round function • Greater complexity can make analysis harder, but slows cipher • Fast software encryption/decryption • Ease of analysis Home

  31. Feistel Decryption Algorithm • Essentially same as the encryption • Same algorithm but use the subkeys Ki in reverse order • F need not be a reversible function • Satisfy DK(EK(P)) = P Home

  32. THE DATA ENCRYPTION STANDANRD • Block cipher (64-bit block) • Uses 56-bit key (out of 64 bits) • 16 rounds • 48-bit subkeys • Feistel structure (except initial and final permutations) Home

  33. THE DATA ENCRYPTION STANDANRD Home

  34. Initial / Inverse Initial Permutation Home

  35. Home Single Round of DES

  36. DIFFERENTIAL AND LINEAR CRYPTANALYSIS Linear cryptanalysis is a general form of cryptanalysis based on finding affined approximations to the action of a cipher. There are two parts to linear cryptanalysis. The first is to construct linear equations relating plaintext, ciphertext and key bits that have a high bias; that is, whose probabilities of holding (over the space of all possible values of their variables) are as close as possible to 0 or 1. The second is to use these linear equations in conjunction with known plaintext-ciphertext pairs to derive key bits. Constructing linear equations Deriving key bits Home

  37. BLOCK CIPHER DESIGN PRINCIPLES • Permutation • Number of rounds • Design of Function F • S-Box Design • Key Schedule Algorithm Home

  38. BLOCK CIPHER MODES OF OPERATION Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Home

  39. BLOCK CIPHER MODES OF OPERATION Electronic Codebook (ECB) Home

  40. BLOCK CIPHER MODES OF OPERATION Cipher Block Chaining (CBC) Home

  41. BLOCK CIPHER MODES OF OPERATION Cipher Feedback Mode (CFB) Home

  42. BLOCK CIPHER MODES OF OPERATION Output Feedback Mode (OFB) Home

  43. CONVENTIONAL ENCRYPTION: ALGORITHS Home

  44. Triple DES • Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher. • It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. • Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.

  45. Triple DES

  46. Triple DES

  47. Triple DES

  48. Triple DES • Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is: • ciphertext = EK3(DK2(EK1(plaintext))) • i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. • Decryption is the reverse: • plaintext = DK1(EK2(DK3(ciphertext))) • I.e., decrypt with K3, encrypt with K2, then decrypt with K1. • Each triple encryption encrypts one block of 64 bits of data. • In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.

  49. InternationalData Encryption Algorithm (IDEA) In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard. IDEA is a minor revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES).

  50. InternationalData Encryption Algorithm (IDEA) IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups — modular addition and multiplication, and bitwise eXclusive OR (XOR) — which are algebraically "incompatible" in some sense. In more detail, these operators, which all deal with 16-bit quantities, are: After the eight rounds comes a final "half round", the output transformation illustrated below:

More Related