1.97k likes | 2.04k Views
Information and Network Security B.E. Semester VII (CE/IT). Text: CRYPTOGRAPHY AND NETWORK SECURITY – Principles and Practice by William Stallings. Hiren B Patel. CONVENTIONAL ENCRYPTION: CLASSICAL TECHNIQUES. Home. MODEL OF CONVENTIONAL ENVRYPTION. Home.
E N D
Information and Network Security B.E. Semester VII (CE/IT) Text: CRYPTOGRAPHY AND NETWORK SECURITY – Principles and Practice by William Stallings Hiren B Patel
CRYPTOGRAPHY • Types of operations used for transforming plaintext to ciphertext. • Substitution • Transposition • Number of keys used. • Symmetric/Single key/Secret key/Conventional • Asymmetric/Two key/public key • The way in which the plaintext is processed. • Block Cipher • Stream Cipher Home
CRYPTANALYSIS • It is the study of methods for obtaining the meaning of encrypted information, without access to the secret information. • It includes methods and techniques of recovering information from encrypted material without knowledge of the key. • Someone who performs cryptanalysis is called a cryptanalyst. Home
Classical Encryption Techniques • Caesar Cipher • Playfair Cipher • Hill Cipher • Rotor Machines Home
Caesar Cipher – Substitution Cipher Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC Home
Caesar Cipher - Example Plaintext: the quick brown fox jumps over the lazy dog Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ Encryption: En(X) = (X + n) mod 26 Decryption: Dn(X) = (X – n) mod 26 Home
Caesar Cipher – Breaking the Code The Caesar cipher can be easily broken even in a ciphertext-only scenario. Since there are only a limited number of possible shifts (26 in English), they can each be tested in turn in a brute force attack. A brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities. Have some fun on: http://www.secretcodebreaker.com/caesar.html Home
Playfair Cipher The Playfair cipher uses a 5 X 5 (also 6 X 6) table containing a key word or phrase. For example, Using "playfair example" as the key, the table becomes P L A Y F I R E X M B C D G H J K N O S T U V W Z Encrypting the message "Hide the gold in the tree stump": HI DE TH EG OL DI NT HE TR EX ES TU MP Encrypted Message BM ND ZB XD KY BE JV DM UI XM MN UV IF Home
Playfair Cipher Home
Hill Cipher Each letter is first encoded as a number. Often the simplest scheme is used: A = 0, B =1, ..., Z=25. This algorithm takes m successive plaintext letters and substitutes for them m ciphertext letters. For m=3, the system can be described as below. C1 = (k11p1 + k12p2 + k13p3) mod 26 C2 = (k21p1 + k22p2 + k23p3) mod 26 C4 = (k31p1 + k32p2 + k33p3) mod 26 Home
Hill Cipher - Decryption In order to decrypt, we turn the ciphertext back into a vector, then simply multiply by the inverse matrix of the key matrix (IFKVIVVMI in letters). Home
Steganography Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos (στεγανός) meaning "covered or protected", and graphein (γράφειν) meaning "to write". Home
Steganography Vs. Cryptography The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Home
Steganography Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. Home
Steganography: Example Steganart example: Within this picture, the letter positions of a hidden message are represented by increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance, the first letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of the message seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the alphabet. Home
SIMPLIFIED DES IP: Initial Permutation fk: A Complex Function (which involved both substitution and permutation) SW: Switch the data into two halves IP-1: The inverse of IP P: Permutation Ciphertext = IP-1(fk2(SW(fk1(IP(plaintext))))) k1=P8(Shift(P10(key))) k2=P8(Shift(Shift(P10(key)))) Plaintext = IP-1(fk1(SW(fk2(IP(ciphertext))))) Home
BLOCK CIPHER PRINCIPLES • Stream Ciphers and Block Ciphers • Stream cipher: one bit or byte at a time • Block cipher: a large block, typically 64 or 128 bits, at a time • Block ciphers work on a block at a time, which is some number of bits. All of these bits have to be available before they can be processed • Broader range of applications than stream ciphers • Large block thwarts statistical attacks Home
BLOCK CIPHER PRINCIPLES • Motivation for the Feistel Cipher Structure • What is the most general form of block cipher? • For n-bit block, consider the transformation, F: 2n 2n • F must be reversible, i.e., 1-1 correspondence • (Ideal block cipher) 2n! mappings mapping itself is a key key size = O(n 2n) bits • 64-bit block 270 1021 bits key Not practical Need approximation (k-bit key, 2k possible mappings) Home
Ideal Block Cipher Home
Motivation for Feistel Cipher Structure • In 1949, Claude Shannon introduced the idea of substitution-permutation (S-P) networks which form the basis of modern block ciphers Home
Motivation for Feistel Cipher Structure • S-P network: a special form of substitution-transposition product cipher • Product cipher • Two or more simple ciphers are performed in sequence in such a way that the final result or product is cryptographically stronger than any of the component ciphers • Feistel cipher • In 1970’s, Horst Feistel (IBM T.J. Watson Research Labs) invented a suitable (practical) structure which adapted Shannon’s S-P network • Encryption and decryption use the same structure Home
Feistel Cipher Structure • Input block is partitioned into two halves, Li-1 and Ri-1 • In round i, Li = Ri-1 Ri = Li-1 F(Ki,Ri-1) • Substitution followed by permutation • Multiple rounds • An Implementation of Shannon’s S-P network (SPN) concept Home
Feistel Cipher Design Elements • Block size • Increasing size improves security, but slows cipher • Key size • Increasing size improves security, makes exhaustive key searching harder, but may slow cipher • Number of rounds • Increasing number improves security, but slows cipher • Subkey generation algorithm • Greater complexity can make analysis harder, but slows cipher • Round function • Greater complexity can make analysis harder, but slows cipher • Fast software encryption/decryption • Ease of analysis Home
Feistel Decryption Algorithm • Essentially same as the encryption • Same algorithm but use the subkeys Ki in reverse order • F need not be a reversible function • Satisfy DK(EK(P)) = P Home
THE DATA ENCRYPTION STANDANRD • Block cipher (64-bit block) • Uses 56-bit key (out of 64 bits) • 16 rounds • 48-bit subkeys • Feistel structure (except initial and final permutations) Home
Home Single Round of DES
DIFFERENTIAL AND LINEAR CRYPTANALYSIS Linear cryptanalysis is a general form of cryptanalysis based on finding affined approximations to the action of a cipher. There are two parts to linear cryptanalysis. The first is to construct linear equations relating plaintext, ciphertext and key bits that have a high bias; that is, whose probabilities of holding (over the space of all possible values of their variables) are as close as possible to 0 or 1. The second is to use these linear equations in conjunction with known plaintext-ciphertext pairs to derive key bits. Constructing linear equations Deriving key bits Home
BLOCK CIPHER DESIGN PRINCIPLES • Permutation • Number of rounds • Design of Function F • S-Box Design • Key Schedule Algorithm Home
BLOCK CIPHER MODES OF OPERATION Electronic Codebook (ECB) Cipher Block Chaining (CBC) Cipher Feedback (CFB) Output Feedback (OFB) Home
BLOCK CIPHER MODES OF OPERATION Electronic Codebook (ECB) Home
BLOCK CIPHER MODES OF OPERATION Cipher Block Chaining (CBC) Home
BLOCK CIPHER MODES OF OPERATION Cipher Feedback Mode (CFB) Home
BLOCK CIPHER MODES OF OPERATION Output Feedback Mode (OFB) Home
Triple DES • Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA) block cipher. • It is so named because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. • Triple DES provides a relatively simple method of increasing the key size of DES to protect against brute force attacks, without requiring a completely new block cipher algorithm.
Triple DES • Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is: • ciphertext = EK3(DK2(EK1(plaintext))) • i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. • Decryption is the reverse: • plaintext = DK1(EK2(DK3(ciphertext))) • I.e., decrypt with K3, encrypt with K2, then decrypt with K1. • Each triple encryption encrypts one block of 64 bits of data. • In each case the middle operation is the reverse of the first and last. This improves the strength of the algorithm when using keying option 2, and provides backward compatibility with DES with keying option 3.
InternationalData Encryption Algorithm (IDEA) In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard. IDEA is a minor revision of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES).
InternationalData Encryption Algorithm (IDEA) IDEA operates on 64-bit blocks using a 128-bit key, and consists of a series of eight identical transformations (a round, see the illustration) and an output transformation (the half-round). The processes for encryption and decryption are similar. IDEA derives much of its security by interleaving operations from different groups — modular addition and multiplication, and bitwise eXclusive OR (XOR) — which are algebraically "incompatible" in some sense. In more detail, these operators, which all deal with 16-bit quantities, are: After the eight rounds comes a final "half round", the output transformation illustrated below: