Search for notes by fellow students, in your own course and all over the country.
Browse our notes for titles which look like what you need, you can preview any of the notes via a sample of the contents. After you're happy these are the notes you're after simply pop them into your shopping cart.
Document Preview
Extracts from the notes are below, to see the PDF you'll receive please use the links above
Cryptography
Chapter-01
Content:
•
•
•
•
•
CIA tried
Security attacks
Security services
Security mechanisms
Cryptography
CIA tried:
Confidentiality: preserving authorized restrictions on access and disclosure Integrity: data is complete, trustworthy and has not been modified and be modified by
authorized users
Availability: it is available at 24 by 7 and not denied by authorized users
Confidentiality and privacy:
Confidentiality: be sure that private information is not made available
Privacy: involves your right to manage your personal information
System integrity: it is designed, implemented and maintained to protect itself against
unauthorized access
Authentication: assurance that the user who claims to be
Non-repudiation: assurance that participant cannot deny their actions
Access control: the ability to limit and control the access to user, systems and application and
prevent misuse of resources
Security attacks:
•
•
Passive attacks
Active attacks
Passive attacks:
•
•
•
•
The goal of the opponent is to learn the information
System resources is not affected
Very difficult to detect as there is no alteration of messages
Emphasis is given to prevent passive attacks than to detect them
Types of passive attacks:
•
•
Release of message content: most common form of passive attack – opponent make use
of the information and may release them to third party for gain of money
Traffic analysis: information is available on masked form – tries to find out pattern in
the exchange messages – tries to identify the location of the sender and the receiver –
tries to guess the nature of the communication by examining the frequency and length of
messages
Active attacks:
•
•
•
•
•
The aim of the attack is to gain unauthorized access to system or network in order to
interrupt its function
Involves modification of messages
Prevent access to resources
Difficult to prevent because of vulnerabilities in network and software
Emphasis is given to detect active attacks and recover from the disruption caused by them
Types of active attacks:
•
•
•
•
Modification of messages (attack on integrity): some parts of messages will be altered
by the opponent without the knowledge of communicating parties
Masquerade (attack on authenticity): opponent pretend as an authenticated person and
gain unauthorized access to system resources
Replay (attack on confidentiality): occurs when attacker captures the data and
retransmits it without the knowledge of communicating parties
Denial of service (attack on availability): aims to interrupt the proper function of
system and communication facilities by suppressing all the messages to particular
destination
•
Data encryption: is the process of transmission data into not understandable form using
mathematical algorithms
By strong encryption algorithm confidentiality can be achieved
Security mechanisms:
•
•
•
•
•
Digital signature: a cryptographic transformation of data unit, can allows the recipient to
ensure the authenticity of sender, sender will electronically sign the data which is verified
by the receiver
Mechanisms to ensure data integrity: adding check value to the data before
transmission, check value is generated from the data itself using hash functions
...
2
...
4
...
Plaintext
Secret key
Encryption algorithm
Ciphertext
Decryption algorithm
Substitution: technique replaces character or symbol with other character to form plaintext
Transposition: technique to replace the position of characters in plaintext to form cipher text
Caesar Cipher
Encryption
Plaintext= meet
For m,
key=5
(12+5)mod26 = 17 mod 26= 17 , r
For e, (4+5)mod 26=9 mod 26= 9, j
For t, (19+ 5)mod26 = 24 mod 26= 24 y
Ciphertext= rjjy
Plaintext – toy
key= 6
For t, (19 +6)mod 26= 25 mod 26= 25, z
For 0, (14 +6)mod 26= 20 mod 26=20= u
For y, ( 24+6)mod 26= 30 mod 26= 4, e
Ciphertext= zue
Decryption
Ciphertext= rjjy
key= 5
For r, (17-5) mod 26= 12 mod26=12, m
For j, (9-5)mod 26= 4mod26=4,e
For y, (24-5)mod 26= 19, t
Plaintext= meet
Meet me - rjjy rj - monoalphabetic substitution
Meet me – xfwu hj- polyalphabetic
Mod Operator
5/4= Q=1 , Remainder=1
5 mod 4 = 1
1mod4=1
6 mod 4=2
7 mod 4= 3
35mod4=3
234mod4= 2
8 mod 4= 0 4mod4= 0 3 mod 4= 3 2mod4= 2
6574 mod 4= 2 453421 mod 4=1
N mod 4---→ 0,1,2,3
N mod 6-----→0,1,2,3,4,5
N mod 9 -----→ 0 ,1,2--- , 8
N mod 26--→ 0 to 25
625 mod 6= 1
12 mod 6= 0
6= 4 45678 mod 6= 0
15 mod 6= 3 26 mod 6= 2
1mod6=1
11mod6= 5
10 mod
Symmetric ciphers
Chapter-02
Agenda:
•
•
Feistel cipher
Block cipher design consideration
Block and stream ciphers:
•
•
Block cipher: the processes of encryption and decryption are made for blocks which are
fixed-size and the block of cipher text is equal in size of plaintext block
Stream cipher: the processes of encryption and decryption is made on smaller group of
bits, it is done for number of bytes or bits
X-OR operation:
M = PLAINTEXT 01101100
11011000
11011010
K = KEY
10101111
00101100
01011011
E=MK
11000011
11110100
10000001 encryption
M= E K
01101100
11011000
11011010 decryption
Feistel cipher (block cipher): encryption and decryption algorithms consist of multiple rounds,
each round has substitution followed by permutation,
•
•
each plaintext is divided into left and right halves
each round has its own subkey which derived from the secret symmetric key
Feistel cipher rounds:
Key size=3 bits , what will be key space?
Key size= length of the key
Key space= how many possible keys, 2^3= 8
000
001
010
011
100
101
110
111
Key size = 4 bits , What will be the key space? Key space= 16 (2^4)
8421
0000
0001
0010
0011
0100
0101
0110
0111
1000
1001
1010
1011
1100
1101
1110
1111
Key size= 10 bits Key space=1024 (2^10)
If the key size of an algorithm is 10bits, What will be maximum number of trials an attacker does
to succeed brute force attack?
In brute force attack, attacker tries all possible keys
...
1024 keys
Key size =64 bits , key space= 2^64
X AND Y
X
0
0
1
1
X
Y
0
1
0
1
O/p
0
0
0
1
Y
0
1
0
1
O/p
0
1
1
0
OR Y
X
0
0
1
1
Left circular shift by 1 bit
10010000
00100001
01000010
Feistel Cipher Example
Plaintext = 1101 1001
Key = 100111 , Assume there are 4 rounds
Subkey generation= left circular shift 1 bit and take first 4 bits
Key=100111
K1=001111---0011
K2=011110—0111
K3=111100—1111
K4=111001—1110
Encryption - Plaintext = 1101 1001
Round Function= Right half XOR round key
Round1
Left Half=1101 Right Half= 1001
Step-1 Right half XOR round key1
1001 XOR 0011= 1010
Step-2 Output from function XOR left half
1010 XOR 1101= 0111
Step3—Interchange result of step2 and right half
Output= 1001 0111
Round2 key2= 0111
0111 XOR 0111=0000
0000 XOR 1001=1001
Output=0111 1001
Round3 Key3= 1111
1001 XOR 1111=0110
0110 XOR 0111= 0001
Output = 1001 0001
Round 4 Key4= 1110
0001 XOR 1110=1111
1111 XOR 1001=0110
Output= 0001 0110 ( FINAL INTERCHANGE)
CIPHERTEXT= 0110 0001
Decryption= Same as Encryption, key4 is used in first round
Round1
Left Half= 0110 Right Half=0001 Key4= 1110
0001 XOR 1110= 1111
1111 XOR 0110= 1001
Output= 0001 1001
Round2 Output= 1001 0111
Round3 Output=0111 1001
Round4 Output= 1001 1101
Final Interchange 1101 1001—Plaintext
Classical encryption algorithms
Content:
•
•
•
•
•
Monoalphabetic & Polyalphabetic Ciphers
Attacks on classical encryption schemes
Substitution cipher examples
Transposition cipher examples
Advantages and Disadvantages
Monoalphabetic cipher: substation same character on different locations of the plaintext
Exp: E(x)=(ax + b) MOD 26
Polyalphabetic cipher: is easy to break because they reflect the frequency data of the original
alphabet
for decrypting the plaintext by looking at the most frequent letter and see the most frequent letter
on that language, then see the second most frequent letter until letters on the plaintext appears
letter by letter
In polyalphabetic substitution, same characters appearing in different locations of the plaintext
will be substituted by different characters to form the ciphertext
...
Repeating plaintext letters that are in the same pair are separated with a filler letter, such as X, so that
BALLOON would be treated as BA LX LO ON
2
...
For example, AR is encrypted as RM
...
Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top
element of the column circularly following the last
...
4
...
Thus, HS becomes BP and EA becomes IM (or JM, as the
encipherer wishes)
...
The length of key is smaller, then encryption and decryption process is faster
Small processing power of computer system required
Advantages of symmetric keys encryption:
•
•
•
These algorithms are faster so they can be used to encrypt large volume of data
Symmetric keys are relatively shorter in length
Symmetric key ciphers can be constructed using multiple rounds of simple substitution
and transposition such product ciphers are strong and easy to analyze
Disadvantages:
•
•
•
The key should be shared secretly between parties
In large networks, a number of secret keys must be managed
The secret key must regularly change to ensure secure communication
Block ciphers
•
•
•
•
•
•
•
Data encryption standard (DES)
Triple DES
Advanced encryption standard (AES)
IDEA
Towfish
Serpent
Blowfish
Block size: Larger block sizes mean greater security but
reduced encryption/decryption speed
...
Number of rounds: Multiple rounds offer more
security
...
Subkey generation algorithm: Greater complexity in this
algorithm will increase the difficulty of
cryptanalysis
...
Initial Permutation (IP)
2
...
Simple Permutation (Swapping Left and right halves) (SW)
4
...
Final Permutation( IP-1)
Sub Key Generation - Sub Key size -8 bits
1
...
Left circular shift of both halves separately
3
...
These two boxes are defined as follows:
The first and fourth input bits are treated as a 2-bit number
that specify a row of the S-box, and the second and third input bits specify a column of the Sbox
...
9 X 10 30 years to break 3DES
The decryption is used to allow data encrypted using single DES hardware
It is slow to implement in software
It uses 64-bits blocks only
********************************************************************
NIST
National institute standard technology (NIST) requirements for new crypto system:
•
•
•
•
•
•
•
•
•
Must provide high level of security to be difficult to decrypt in finite time
Must be completely specified and easily understood
Security must rely on a key not on algorithm
Must be available for all users
Adaptable for use in diverse applications like credit cards
Implemented economically in electronic devices
Must be sufficient to use in software and hardware
Must allow someone to validate it
Must be exportable
Advanced encryption standard
The input to encryption and decryption algorithm is a single 128-bit block
The block is drawn as square matrix of bytes
This block is copied in into the state array which is modified at each stage of encryption and
decryption
The functions of each round:
1
...
Shiftrows: simple permutation
3
...
Add roundkey: where 128-bit in the matrix XOR with the 128-bit round key
AES rounds number and key sizes:
•
•
•
10 rounds using 128-bit key size
12 rounds using 192-bit key size
14 round using 256-bit key size
Modes of operation
Mode
Electronic code book
(ECB)
Cipher block
chaining (CBC)
Cipher feedback
(CFB)
Output feedback
(OFB)
Counter (CTR)
Description
Each block of 128
plaintext bit is
encoded
independently using
the same key
The input to
encryption algorithm
is XOR with the next
64 plaintext bits
Take a key and take
s-bits from it as
input, XOR with
message and he
output is going to be
n-bits to the
ciphertext on the next
round and other n-bit
will go to the next
ciphertext as n-bits
The nonce text is
encrypted using the
key the output of this
will XOR with the
plaintext
The counter initialized vector(which is same length
of plaintext) is taken
as input and
encrypted using the
key, the output is
XOR with the
plaintext
Typical application
Secure transmission
of single values like
encryption key
Type of cipher
Block-oriented
Authentication
Block-oriented
Authentication
Block-oriented
is converted to
stream-oriented
Satellite
communication
Streamoriented
ATM, IP security,
High-speed
requirements
Block-oriented
The difference between ECB and CBC: the output of encryption before XOR is taken as input
in CBC
The difference between CFB and CBC: in CFB every encryption step there is no relation
between the new encryption the previous encryption step
The difference between OFB and CTR: the input to encryption is different in OFB is nonce
and it is fixed in all rounds and in CTR is counter which different in length which depends on
plaintext length
EBC
CFB
OFB
CTR
Stream cipher: the processes of encryption and decryption is made on smaller group of bits, it is
done for number of bytes or bits
•
Stream ciphers generate key stream (stream of bits)
RC4: is a stream cipher
•
•
•
Its variable key size stream is byte-oriented operation
The algorithm based on random permutation
The encryption components are
1
...
PRGA (pseudo random generation algorithm)
These two algorithms help RC4 algorithm to produce the stream cipher
Steps of RC4:
1
...
Run Key scheduling algorithm
3
...
XOR Plaintext with key
Number Theory & Public Key Cryptography
Chapter-03
•
•
•
Division algorithm
Prime factorization
Introduction into public key cryptography
Division algorithm: n= positive interger a=nonnegative interger
a = qn + r
0<=r < n;
prime numbers: numbers which have only two divisors
Fermat’s method:
√ n+y2 after that (x+y)(x-y)
√3009+ 2 = 55
√187+3 = 14
(55+4) (55-4) =3009
(14+3)(14-3) = 187
2
The factors are= 51 and 59
2
17 and 11
√3233+4 = 57
2
(57+4)(57-4)= 3233
61 and 53
03 - public key encryption
Public key encryption designed based on difficult mathematics problems
Public key encryption (asymmetric key encryption as pair keys used): uses two keys public
key and private key
One key used for encryption and other key used for decryption
Public key encryption:
1
...
Transmit the message
3
...
Encrypt the message using sender’s private key
2
...
Decrypt the message using sender’s public key
Uses of public key encryption:
1
...
Digital signature
3
...
2
...
4
...
6
...
Thus n = 47 x 59 = 2773
Step 2: Select e = 17
Step 3: Publish (n,e) = (2773, 17)
Step 4: (p-1) x (q-1) = 46 x 58 = 2668
Use the Euclidean Algorithm to compute the modular inverse of 17 modulo 2668
...
33 false
13−3
13 ≅ 3 mod 13 =( 13 ) = 0
...
15 ≅ 3 mod 12 = (
2
...
4
...
6
...
509 standard format
Public key infrastructure: 3 entities form PKI
1
...
Server: needs to prove its identity
3
...
During the handshake the server and the client establish their authentication by
exchanging the digital certificates
2
...
Record layer calculates kays for symmetric encryption from master secret and uses them
for generating message authentication codes and also to encrypt data using faster
symmetric key encryption
SSL/TSL uses a cipher suite includes:
Asymmetric key encryption for authentication and key exchange in handshake phase
Symmetric key encryption to encrypt data in data transfer phase
Hash functions to ensure integrity in handshake phase and data transfer phase
Example: RSA – 3DES – SHA-1, ECC- AES – SHA-2