8. Network Security

1. 8. Network Security

2. Introduction • Network Security deals with 4 basic problems: • Secrecy - Confidentiality • Authentication – Determining whom ur talking. The process of proving one's identity. • Non-repudiation – deals with signatures. A mechanism to prove that the sender really sent this message • Integrity Control – Msg is the real one. Assuring the receiver that the received message has not been altered in any way from the original

3. Cryptography • Comes from the Greek words for ''secret writing.'' • Distinction between ciphers and codes • A cipher is a character-for-character or bit-for-bit transformation (Encryption & Decryption algorithm) • a code replaces one word with another word or symbol (not used any more)

4. Introduction to Cryptography P = Dk(C)

5. Introduction to Cryptography • Cryptanalysis – Art of breaking ciphers • Cryptology – Art of devising them (cryptography) • Key : Is a number/character or a set of number/character that the cipher or algorithm operates on. • Use of Key: • Everytime changing algorithm is impractical. • Kerchkhoff’s Principle – All algorithm must be public; only the keys are secret. • Longer the key, higher the work factor

6. Encryption methods • Divided into two categories: • Substitution ciphers • In a substitution cipher each letter or group of letters is replaced by another letter or group of letters to disguise it. • Preserve the order of the plaintext • 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the alphabet. • Transposition ciphers • Reorder the letters but do not disguise them • Eg : 'help me' becomes 'ehpl em' in a trivially simple rearrangement scheme

7. Substitution Ciphers • Caesar cipher • The ciphertext alphabet to be shifted by k letters • For example if k=3 then • a becomes D, b becomes E, c becomes F, ... w becomes Z, x becomes A ….. and z becomes C

8. Substitution Ciphers • Improvement • Monoalphabetic Substitution • Each of the symbols in the plaintext, say, the 26 letters for simplicity, map onto some other letter • plaintext: a b c d e f g h i j k l m n o p q r s t u v w x y z • ciphertext: Q W E R T Y U I O P A S D F G H J K L Z X C V B N M Eg : attack - QZZQEA

9. Breaking Substitution Ciphers • ‘e’ is the most common letter in English • e is commonly followed by t,o,a,n,I etc • Digrams: two letter combinations • th,in,er,re,an…. • Trigrams : three letter combinations • the,ing,and,ion • Find out the frequency of each letters. • Assign the max frequency to ‘e’ • Then the next freq value to t • Then look at trigrams tXe,which strongly suggest X=h • Similarly if the pattern thYt occurs frequently => Y=a • aZW = and

10. Transposition Ciphers

11. One-Time Pads • Unbreakable cipher • Steps: • Choose a random bit string as the key • Convert plaintext into bit string using ASCII • XOR two strings • Disadvantage: • Memorizing the key • Total amount of data is that can be transmitted is limited by amount of key

12. One-Time Pads

13. Quantum Cryptography • Uses Quantum Mechanics to guarantee secure communication. • It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages. • Vertical = 0 Horizontal = 1 • Lower left to Upper Right = 0 • Upper left to Lower Right = 1 • Rectilinear Basis = set of vertical to horizontal filter • Diagonal basis = same as rectilinear except rotated at 45 degree

14. Example of Quantum Cryptography

15. Types of Cryptography Algorithms (Modern Methods) • Symmetric Key (Secret key) • Same key is used by both parties • Asymmetric key(Public key) • Two keys are used • Private & Public Key • Private key is kept by the receiver. • Public key is announced public

17. Symmetric-Key Algorithms • Uses same key for encryption and decryption • Block Ciphers – n-bit of block of plaintext as input transformed into n-bit block of ciphertext. • Cryptographic algorithms can be implemented in either hardware (for speed) or in software (for flexibility). • P-Box (Permutation) – By appropriate internal wiring, it can be made to perform any transposition • Uses 8 bit of data

18. H/W implementation of transposition cipher 01234567 ?

19. H/W implementation of transposition cipher 01234567 ? 36071245

20. H/W implementation of substitution cipher 01234567 ?

21. H/W implementation of substitution cipher 24506713 01234567 ?

22. product cipher • 212=4096 crossed wires • K bit input = 64 to 256 • 18 Physical stages other than 7

23. DES (Data Encryption Standard) • Product cipher developed by IBM • Plaintext is encrypted in blocks of 64 bits, yielding 64 bits of ciphertext • 56-bit key, 19 distinct stages • The first stage is a key-independent transposition on the 64-bit plaintext • The last stage is the exact inverse of this transposition • The stage prior to the last one exchanges the leftmost 32 bits with the rightmost 32 bits.

25. The remaining 16 stages • Each stage takes two 32-bit inputs and produces two 32-bit outputs. • The left output is simply a copy of the right input. • The right output is the bitwise XOR of the left input and a function of the right input and the key for this stage, Ki. • All the complexity lies in this function

27. Function. • The function consists of four steps • First, a 48-bit number, E, is constructed by expanding the 32-bit Ri - 1 according to a fixed transposition and duplication rule • Second, E and Ki are XORed together • This output is then partitioned into eight groups of 6 bits each, each of which is fed into a different S-box. Each of the 64 possible inputs to an S-box is mapped onto a 4-bit output. • Finally, these 8 x 4 bits are passed through a P-box.

28. FIESTEL FUNCTION (F-Function) 48 bit

29. Key • Before the algorithm starts, a 56-bit transposition is applied to the key • Before each iteration, the key is partitioned into two 28-bit units, each of which is rotated left by a number of bits dependent on the iteration number • Yet another 56-bit transposition to it. A different 48-bit subset of the 56bits is extracted and permuted on each round

30. Whitening • It consists of XORing a random 64-bit key with each plaintext block before feeding it into DES • and then XORing a second 64-bit key with the resulting ciphertext before transmitting it.

31. Triple DES To increase the key length of DES

32. Raised two questions (Triple DES) • Why two keys not three? • 112(56*2) is adequate for commercial applications. • 168 (56*3) bit key just increases overhead. • Why EDE & not EEE? • Using triple encryption can speak to one using single encryption by just setting K1 = K2.

33. AESThe Advanced Encryption Standard • The algorithm must be a symmetric block cipher. • The full design must be public. • Key lengths of 128, 192, and 256 bits must be supported. • Both software and hardware implementations must be possible. • The algorithm must be public or licensed on nondiscriminatory terms.

34. AESThe Advanced Encryption Standard • Fifteen serious proposals were made • In August 1998, NIST (National Institute of Standards and Technology)selected five finalists primarily on the basis of their security, efficiency, simplicity, flexibility, and memory requirements

35. The finalists and their scores were as follows: • Rijndael (from Joan Daemen and Vincent Rijmen, 86 votes). • Serpent (from Ross Anderson, Eli Biham, and Lars Knudsen, 59 votes). • Twofish (from a team headed by Bruce Schneier, 31 votes). • RC6 (from RSA Laboratories, 23 votes). • MARS (from IBM, 13 votes).

36. Rijndael • Key & Block size : Supports 128 bits to 256 bits • AES has two variants: • 128 bit block with 128 bit key • 128 bit block with 256 bit key • 128 bit key => 2128 = 3*1038 • 1 billion processor which can evaluate 1 key per picosecond (10−12 seconds) it would take 1010 yrs to search the key space.

37. Rijndael • Also uses Permutation & Substitution • There are Multiple rounds/iterations which depends on key size • 10 rounds for 128 bit key • 14 rounds for 256 bit key

38. An outline of Rijndael

39. AES

40. Step 1 (Byte by Byte substitution on state using S Box) Rijndael uses only one SBox unlike DES which uses multiple SBox

41. Step 2 (Rotation)

42. Step 3 (Mix Columns)

43. Step 4 (AddRoundKey step )

44. Cipher Modes • Property of Block Ciphers • The same plaintext block goes in the front end, the same ciphertext block comes out the back end • If you encrypt the plaintext abcdefgh 100 times with the same DES key, you get the same ciphertext 100 times • Electronic Code Book Mode : Breaking up long piece of plaintext into 8 byte(64 bit) and encrypting it.

45. Electronic Code Book Mode The plaintext of a file encrypted as 16 DES blocks.

46. Cipher Modes • Cipher Block Chaining Mode • Cipher Feedback Mode • Stream Cipher Mode • Counter Mode

47. Cipher Block Chaining Mode

48. Cipher Block Chaining Mode • Each plaintext block is XORed with the previous ciphertext block before being encrypted • The first block is XORed with a randomly chosen IV (Initialization Vector), which is transmitted (in plaintext) along with the ciphertext.

49. Cipher Block Chaining Mode

50. Cipher Block Chaining Mode(Advantage & Disadvantage) • Adv: • Same plaintext block will not result in the same ciphertext block • Disadv : • Requiring an entire 64-bit block to arrive before decryption can begin