Search for notes by fellow students, in your own course and all over the country.
Browse our notes for titles which look like what you need, you can preview any of the notes via a sample of the contents. After you're happy these are the notes you're after simply pop them into your shopping cart.
Document Preview
Extracts from the notes are below, to see the PDF you'll receive please use the links above
Advanced Encryption Standard
The most popular and widely utilized symmetric encryption
algorithm that is most likely to be employed nowadays is the
Advanced Encryption Standard (AES)
...
A successor was needed since DES's key size was insufficient
...
Triple DES was
developed to alleviate this problem, however it was found to be
slow
...
Its
foundation is a "substitution-permutation network
...
It's interesting to note that AES uses bytes rather than bits for all
of its calculations
...
For processing as a matrix, these 16 bytes
are organized into four columns and four rows −
Unlike DES, the number of rounds in AES is variable and depends
on the length of the key
...
Each of
these rounds uses a different 128-bit round key, which is
calculated from the original AES key
...
Each round comprise of four sub-processes
...
The result is in a matrix of four rows and
four columns
...
Any
entries that ‘fall off’ are re-inserted on the right side of row
...
Second row is shifted one (byte) position to the left
...
Fourth row is shifted three positions to the left
...
MixColumns
Now, a unique mathematical function is used to change each
column of four bytes
...
The outcome is another new matrix
with 16 more bytes
...
Addroundkey
The 16 bytes of the matrix are now considered as 128 bits and
are XORed to the 128 bits of the round key
...
Otherwise, the resulting
128 bits are interpreted as 16 bytes and we begin another similar
round
...
Each round consists of
the four processes conducted in the reverse order −
•
•
•
•
Add round key
Mix columns
Shift rows
Byte substitution
Since sub-processes in each round are in reverse manner, unlike
for a Feistel Cipher, the encryption and decryption algorithms
needs to be separately implemented, although they are very
closely related
...
Till date, no practical
cryptanalytic attacks against AES has been discovered
...
However, just as for DES, the AES security is assured only if it is
correctly implemented and good key management is employed
...
These are the operational guidelines for a basic
block cipher
...
Data blocks with fixed sizes are processed by block ciphers
...
As a result,
the lengthy message is broken up into a number of sequential
message blocks, and the encryption processes each block
individually
...
Operation
• The user takes the first block of plaintext and encrypts
it with the key to produce the first block of ciphertext
...
The ECB mode is deterministic, that is, if plaintext block P1, P2,…,
Pm are encrypted twice under the same key, the output
ciphertext blocks will be the same
...
Encryption would
then entail only looking up for required plaintext and select the
corresponding ciphertext
...
It
is illustrated as follows −
Analysis of ECB Mode
In truth, any application data typically contains ambiguous
information that can be inferred
...
If the plaintext message is predictable,
an attacker could use a ciphertext from ECB to try and guess the
plaintext
...
The ECB mode should not
be used in the majority of applications because we generally do
not want to use a deterministic cipher
...
Operation
The operation of CBC mode is depicted in the following
illustration
...
XOR the n-bit plaintext block with data value in top
register
...
Feed ciphertext block into top register and continue
the operation till all plaintext blocks are processed
...
The first ciphertext block is also fed
into to register replacing IV for decrypting next
ciphertext block
...
Decryption is thus the reverse process, which involves
decrypting the current ciphertext and then adding the previous
ciphertext block to the result
...
On the drawback side, the error
in transmission gets propagated to few further block during
decryption due to chaining effect
...
Thus, it has an
advantage for those applications that require both symmetric
encryption and data origin authentication
...
Operation
The operation of CFB mode is depicted in the following
illustration
...
The CFB mode requires an
initialization vector (IV) as the initial random n-bit input block
...
Steps of operation are −
•
•
•
•
•
•
Load the IV in the top register
...
Take only ‘s’ number of most significant bits (left bits)
of output of encryption process and XOR them with ‘s’
bit plaintext message block to generate ciphertext
block
...
Essentially, the previous ciphertext block is encrypted
with the key, and then the result is XORed to the
current plaintext block
...
Pre-decided
IV is initially loaded at the start of decryption
...
In other words, the ciphertext block is dependent of
message
...
In this mode, user decrypts the
ciphertext using only the encryption process of the block cipher
...
Apparently, CFB mode is converting a block cipher into a type of
stream cipher
...
This key stream is then XORed with the plaintext as in
case of stream cipher
...
On the flip side, the error of transmission gets propagated due
to changing of blocks
...
These feedback blocks provide
string of bits to feed the encryption algorithm which act as the
key-stream generator as in case of CFB mode
...
The OFB mode requires an IV as the initial random n-bit input
block
...
The operation is depicted in the following illustration −
Counter (CTR) Mode
It can be considered as a counter-based version of CFB mode
without the feedback
...
This
shared counter is not necessarily a secret value, but challenge is
that both sides must keep the counter synchronized
...
Steps in operation are −
•
•
•
•
•
Load the initial counter value in the top register is the
same for both the sender and the receiver
...
Encrypt the contents of the counter with the key and
place the result in the bottom register
...
The result of this is C1
...
The
counter update replaces the ciphertext feedback in
CFB mode
...
The decryption is the reverse process
...
After decryption of each ciphertext
block counter is updated as in case of encryption
...
Like CFB mode, CTR mode does not involve the decryption
process of the block cipher
...
In other words, CTR mode
also converts a block cipher to a stream cipher
...
Loss of
synchronization leads to incorrect recovery of plaintext
...
In
addition, it does not propagate error of transmission at all
...
It is a relatively new concept
...
With the spread of more unsecure computer networks in last
few decades, a genuine need was felt to use cryptography at
larger scale
...
This gave rise to
the public key cryptosystems
...
This is a property which set this scheme different than
symmetric encryption scheme
...
Receiver needs to publish an encryption key, referred
to as his public key
...
Generally, this type of cryptosystem
involves trusted third party which certifies that a
particular public key belongs to a specific person or
entity only
...
Though private and public keys are related
mathematically, it is not be feasible to calculate the
private key from the public key
...
There are three types of Public Key Encryption schemes
...
It remains most
employed cryptosystem even today
...
We will see two aspects of the RSA cryptosystem, firstly
generation of key pair and secondly encryption-decryption
algorithms
...
The process followed in
the generation of keys is described below −
•
Generate the RSA modulus (n)
o Select two large primes, p and q
...
For strong unbreakable
encryption, let n be a large number, typically
a minimum of 512 bits
...
o There must be no common factor for e and (p −
1)(q − 1) except for 1
...
• Form the public key
o The pair of numbers (n, e) form the RSA
public key and is made public
...
This is strength of RSA
...
For given n and e, there is unique number d
...
This means that d is the number less
than (p - 1)(q - 1) such that when multiplied
by e, it is equal to 1 modulo (p - 1)(q - 1)
...
Example
An example of generating RSA Key pair is given below
...
Practically, these values are very high)
...
Thus, modulus n =
pq = 7 x 13 = 91
...
• The pair of numbers (n, e) = (91, 5) forms the public key
and can be made available to anyone whom we wish to
be able to send us encrypted messages
...
The output will be d = 29
...
Encryption and Decryption
•
Once the key pair has been generated, the process of encryption
and decryption are relatively straightforward and
computationally easy
...
It operates on numbers
modulo n
...
RSA Encryption
• Suppose the sender wish to send some text message to
someone whose public key is (n, e)
...
• To encrypt the first plaintext P, which is a number
modulo n
...
This means that C is also a number
less than n
...
Suppose that the receiver of publickey pair (n, e) has received a ciphertext C
...
The
result modulo n will be the plaintext P
...
The RSA cryptosystem is most popular public-key
cryptosystem strength of which is based on the practical
difficulty of factoring the very large numbers
...
Key Generation − The difficulty of determining a
private key from an RSA public key is equivalent to
factoring the modulus n
...
It is also a one way
function, going from p & q values to modulus n is easy
but reverse is not possible
...
In fact, if a technique for factoring efficiently
is developed then RSA will no longer be safe
...
ElGamal Cryptosystem
Along with RSA, there are other public-key cryptosystems
proposed
...
ElGamal cryptosystem, called Elliptic Curve Variant, is based on
the Discrete Logarithm Problem
...
Let us go through a simple version of ElGamal that works with
numbers modulo p
...
Generation of ElGamal Key Pair
Each user of ElGamal cryptosystem generates the key pair
through as follows −
•
•
Choosing a large prime p
...
Choosing a generator element g
...
o It is a generator of the multiplicative group of
integers modulo p
...
For example, 3 is generator of group 5 (Z5 =
{1, 2, 3, 4})
...
The private key x is any
number bigger than 1 and smaller than p−1
...
The value y is
computed from the parameters p, g and the private
key x as follows −
y = gx mod p
• Obtaining Public key
...
For example, suppose that p = 17 and that g = 6 (It can
be confirmed that 6 is a generator of group Z17)
...
The value y is then
computed as follows −
y = 65 mod 17 = 7
• Thus the private key is 62 and the public key is (17, 6,
7)
...
But the encryption and
decryption are slightly more complex than RSA
...
• To encrypt the first plaintext P, which is represented as
a number modulo p
...
• Referring to our ElGamal key generation example given
above, the plaintext P = 13 is encrypted as follows −
o Randomly generate a number, say k = 10
o Compute the two values C1 and C2, where −
C1 = 610 mod 17
C2 = (13*710) mod 17 = 9
• Send the ciphertext C = (C1, C2) = (15, 9)
...
o Obtain the plaintext by using the following
formula −
C2 × (C1)-x mod p = Plaintext
• In our example, to decrypt the ciphertext C = (C1, C2) =
(15, 9) using private key x = 5, the decryption factor is
•
15-5 mod 17 = 9
• Extract plaintext P = (9 × 9) mod 17 = 13
...
and has three
components of public key − prime modulus p, generator g, and
public Y = gx mod p
...
The secure key size is generally > 1024 bits
...
On the processing speed front, Elgamal is
quite slow, it is used mainly for key authentication protocols
...
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is a term used to describe a
suite of cryptographic tools and protocols whose security is
based on special versions of the discrete logarithm problem
...
ECC is based on sets of numbers that are associated with
mathematical objects called elliptic curves
...
ECC includes a variants of many cryptographic schemes that
were initially designed for modular numbers such as ElGamal
encryption and Digital Signature Algorithm
...
This prompts
switching from numbers modulo p to points on an elliptic curve
...
The shorter keys result in two benefits −
•
•
Ease of key management
Efficient computation
These benefits make elliptic-curve-based variants of encryption
scheme highly attractive for application where computing
resources are constrained
...
RSA
ElGamal
It is more efficient for
encryption
...
It is less efficient for
decryption
...
For a particular security level, For the same level of
lengthy keys are required in security, very short keys are
RSA
...
It is widely accepted and
used
...
Data Integrity in Cryptography
Until now, we discussed the use of symmetric and public key
schemes to achieve the confidentiality of information
...
The focus of this chapter is on data integrity and cryptographic
tools used to achieve the same
...
There are two different types of data integrity threats,
namely passive and active
...
•
•
These data errors are likely to occur due to noise in a
communication channel
...
Error-correcting codes and simple checksums like
Cyclic Redundancy Checks (CRCs) are used to detect
the loss of data integrity
...
Active Threats
In this type of threats, an attacker can manipulate the data with
malicious intent
...
The system can use
techniques of appending CRC to data for detecting any
active modification
...
This is possible if the digest is computed using
simple mechanisms such as CRC
...
Cryptography Hash functions
Hash functions are extremely useful and appear in almost all
information security applications
...
The input to the hash function is of arbitrary length but output is
always of fixed length
...
The following picture illustrated hash
function −
Features of Hash Functions
The typical features of hash functions are −
•
•
Fixed Length Output (Hash Value)
o Hash function coverts data of arbitrary length
to a fixed length
...
o In general, the hash is much smaller than the
input data, hence hash functions are
sometimes called compression functions
...
o Hash function with n bit output is referred to
as an n-bit hash function
...
Efficiency of Operation
Generally for any hash function h with input
x, computation of h(x) is a fast operation
...
Properties of Hash Functions
o
In order to be an effective cryptographic tool, the hash function
is desired to possess following properties −
•
•
Pre-Image Resistance
o This property means that it should be
computationally hard to reverse a hash
function
...
o This property protects against an attacker
who only has a hash value and is trying to find
the input
...
o In other words, if a hash function h for an
input x produces hash value h(x), then it
should be difficult to find any other input
value y such that h(y) = h(x)
...
• Collision Resistance
o This property means it should be hard to find
two different inputs of any length that result
in the same hash
...
o In other words, for a hash function h, it is
hard to find any two different inputs x and y
such that h(x) = h(y)
...
This
property of collision free only confirms that
these collisions should be hard to find
...
o Also,
if a hash function is collisionresistant then it is second pre-image
resistant
...
This hash function forms the part of the hashing algorithm
...
Typically the block sizes are from 128 bits to 512 bits
...
Each round takes an input of a fixed size, typically a
combination of the most recent message block and the output
of the last round
...
Schematic of hashing algorithm is
depicted in the following illustration −
Since, the hash value of first message block becomes an input to
the second hash operation, output of which alters the result of
the third operation, and so on
...
Avalanche effect results in substantially different hash values for
two messages that differ by even a single bit of data
...
The hash function generates a hash code by operating
on two blocks of fixed-length binary data
...
Popular Hash Functions
Let us briefly see some popular hash functions −
Message Digest (MD)
MD5 was most popular and widely used hash function for quite
some years
...
It was adopted as Internet Standard
RFC 1321
...
MD5 digests have been widely used in the software
world to provide assurance about integrity of
transferred file
...
In 2004, collisions were found in MD5
...
This collision attack resulted in
compromised MD5 and hence it is no longer
recommended for use
...
Though from same family, there are
structurally different
...
It had few weaknesses
and did not become very popular
...
SHA-1 is the most widely used of the existing SHA hash
functions
...
In 2005, a method was found for uncovering collisions
for SHA-1 within practical time frame making longterm employability of SHA-1 doubtful
...
No successful
attacks have yet been reported on SHA-2 hash
function
...
Though
significantly different, its basic design is still follows
design of SHA-1
...
In October 2012, the NIST chose the Keccak algorithm
as the new SHA-3 standard
...
RIPEMD
The RIPEMD is an acronym for RACE Integrity Primitives
Evaluation Message Digest
...
The set includes RIPEMD, RIPEMD-128, and RIPEMD160
...
• Original RIPEMD (128 bit) is based upon the design
principles used in MD4 and found to provide
questionable security
...
• RIPEMD-160 is an improved version and the most
widely used version in the family
...
Whirlpool
•
This is a 512-bit hash function
...
One of the designer was
Vincent Rijmen, a co-creator of the AES
...
Applications of Hash Functions
There are two direct applications of hash function based on its
cryptographic properties
...
•
•
•
Instead of storing password in clear, mostly all logon
processes store the hash values of passwords in the
file
...
The process of logon is depicted in the following
illustration −
An intruder can only see the hashes of passwords, even
if he accessed the password
...
Data Integrity Check
•
Data integrity check is a most common application of the hash
functions
...
This
application provides assurance to the user about correctness of
the data
...
It however, does not provide any assurance about
originality
...
This integrity check application is useful
only if the user is sure about the originality of file
...
Another type of threat that exist for data is the lack of message
authentication
...
Message authentication can be
provided using the cryptographic techniques that use secret keys
as done in case of encryption
...
For establishing MAC process,
the sender and receiver share a symmetric key K
...
The process of using MAC for authentication is depicted in the
following illustration −
Let us now try to understand the entire process in detail −
•
•
•
•
•
•
The sender uses some publicly known MAC algorithm,
inputs the message and the secret key K and produces
a MAC value
...
The
major difference between hash and MAC is that MAC
uses secret key during the compression
...
Here, we assume that the message is sent in the clear,
as we are concerned of providing message origin
authentication, not confidentiality
...
On receipt of the message and the MAC, the receiver
feeds the received message and the shared secret key
K into the MAC algorithm and re-computes the MAC
value
...
If they
match, then the receiver accepts the message and
assures himself that the message has been sent by the
intended sender
...
As a bottom-line, a receiver
safely assumes that the message is not the genuine
...
o It
can provide message authentication
among pre-decided legitimate users who
have shared key
...
Inability to Provide Non-Repudiation
o Non-repudiation is the assurance that a
message originator cannot deny any
previously sent messages and commitments
or actions
...
If the sender and
receiver get involved in a dispute over
message origination, MACs cannot provide a
proof that a message was indeed sent by the
sender
...
Both these limitations can be overcome by using the public key
based digital signatures discussed in following section