LEARNING OBJECTIVES
At the end of this unit the student should be able to:
Define encryption
List and describe the conventional encryption principles
List the conventional encryption algorithms
Explain cipher block modes and their operation
Describe the location of encryption devices
Explain the key distribution approaches
Describe secure hash function
Explain HMAC
Feistel Cipher Structure: Virtually all conventional block encryption algorithms, including
DES have a structure first described by Horst Feistel of IBM in 1973.
The Feistel structure is a particular example of the more general structure used by all symmetric
block ciphers, which consists of a sequence of rounds, with each round performing substitutions
and permutations conditioned by a secret key value.
The inputs to the encryption algorithm are a plain text block of length 2w bits and a key K.
The plain text block is divided into two halves L0 and R0.
The two halves of the data pass through n rounds of processing and are then combined to
produce the cipher text block.
Each round i has as inputs Li-1 and Ri-1, derived from the previous round, as well as a sub
key Ki, derived from the overall K.
All rounds have the same structure.
A substitution is performed on the left half of the data. This is done by applying a round
function F to the right half of the data and then taking the exclusive OR (XOR) of the
output of that function and the left half of the data.
The round function has the same general structure for each round but is parameterized by
the round sub key Ki.
Following this substitution, a permutation is performed that consists of the interchange of
the two halves of the data.
Decryption is essentially the same as the encryption process. Here we use the cipher text as input
to the algorithm, but use the sub keys Ki in reverse order, i.e. use Kn in the first round, Kn-1
in the second round and so on until K1 is used in the last round.
Here we use one algorithm for encryption and decryption.
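The structure described above can be written out in a few lines. This is an added example, not part of the original notes: the sub key generation (SHA-256 of the key and round number) and the round function F (truncated HMAC-SHA256) are toy choices assumed here for illustration, and the key and plaintext are constructed sample values.

```python
import hashlib
import hmac

ROUNDS = 16   # the notes cite 16 rounds as the usual choice
HALF = 4      # w = 32 bits per half, so one block is 2w = 64 bits


def subkeys(key, rounds=ROUNDS):
    """Toy sub key generation (assumption): Ki = SHA-256(key || i)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]


def round_f(right, ki):
    """Toy round function F(R, Ki) (assumption): HMAC-SHA256 cut to w bits.
    F is not invertible; the Feistel structure does not need it to be."""
    return hmac.new(ki, right, hashlib.sha256).digest()[:HALF]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block, keys):
    """Process one 2w-bit block, using the sub keys in the order given."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 2w bits")
    left, right = block[:HALF], block[HALF:]
    for ki in keys:
        # Li = Ri-1 and Ri = Li-1 XOR F(Ri-1, Ki): substitution, then swap
        left, right = right, xor(left, round_f(right, ki))
    # Undo the final swap so the same routine also decrypts
    return right + left


def encrypt(block, key):
    return feistel(block, subkeys(key))           # K1, K2, ..., Kn


def decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])     # Kn, Kn-1, ..., K1


if __name__ == "__main__":
    key, plain = b"constructed key", b"8 bytes!"   # constructed sample values
    cipher = encrypt(plain, key)
    print(cipher.hex(), decrypt(cipher, key))
```

Encryption and decryption call the same feistel routine; only the order of the sub keys differs.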
The realization of a Feistel cipher depends on the choice of the following parameters and design
features:
o Block size: Larger block sizes mean greater security but lower
encryption/decryption speed. A block size of 128 bits is a reasonable tradeoff.
o Key size: Larger key size means greater security but lower encryption/decryption
speed. The most common key length in modern algorithms is 128 bits.
o Number of rounds: Multiple rounds offer increasing security. (16 rounds are
mostly used.)
o Sub key generation algorithm: Greater complexity of this algorithm will lead to
greater difficulty of cryptanalysis.
o Round function: The greater the complexity of the round function, the greater the
resistance to cryptanalysis.
o Fast software encryption/decryption: The speed of execution of the algorithm
becomes a concern.
o Ease of analysis: There are great benefits in making the algorithm easy to analyze i.e. the
algorithm can be concisely explained and it is easier to analyze the algorithm for
cryptanalytic vulnerabilities.
Symmetric Block Encryption Algorithms: The most commonly used symmetric encryption
algorithms are block ciphers. A block cipher processes the plain text input in fixed-size blocks and
produces a block of cipher text of equal size for each plaintext block. The most important block
ciphers are Data Encryption Standard (DES), triple DES, Advanced Encryption Standard (AES)
and Blowfish etc.
Data Encryption Standard (DES):
o The most widely used encryption scheme
o The algorithm is referred to as the Data Encryption Algorithm (DEA)
o DES is a block cipher
o The plaintext is processed in 64-bit blocks
o The key is 56-bits in length
o Details of function F: It takes a 32-bit input and produces a 32-bit output. The 32-bit input is
expanded into 48 bits. This is done by permuting and duplicating some of the 32 bits.
Exclusive OR operation is performed between these 48 bits and 48 bit sub key. 48 bit
output of the Exclusive OR operation is grouped into 8 groups of 6 bits each. Each 6 bit
group is fed into a 6-to-4 substitution box that transforms 6 bits to 4 bits. 32 bit output of
8 substitution boxes is fed into a permutation box. The 32 bit output of the permutation
box is F(Ri-1, Ki).
o The process of decryption with DES is the same as the encryption process. Use the cipher
text as input to the DES algorithm, but use the sub keys Ki in reverse order, i.e. use K16 on
the first iteration, K15 on the second iteration and so on until K1 is used on the 16th and last
iteration.
The strength of DES: Concerns about the strength of DES fall into two categories:
o Concern about the algorithm itself: This refers to the possibility that cryptanalysis
is possible by exploiting the characteristics of the DES algorithm. No one has so far
succeeded in discovering a fatal weakness in DES.
o Second concern is the key length: With a key length of 56 bits there are 2^56 possible
keys, which is approximately 7.2 × 10^16 keys. Here brute force attack is impossible and a
single machine performing one DES encryption per microsecond would take more than a
thousand years to break the cipher.
Triple DES: 3DES uses three keys and three executions of the DES algorithm. The function follows an
encrypt-decrypt-encrypt (EDE) sequence.
C = E(K3, D(K2, E(K1, P)))
Where
C = Cipher text
P = Plain text
E(K, X) = Encryption of X using key K
D(K, Y) = Decryption of Y using key K.
modified at each stage of encryption and decryption. After the final stage, state is copied
to an output matrix.
o Similarly the 128 bit key is depicted as a square matrix of bytes. The key is then
expanded into an array of key scheduled words, each word is four bytes and total key
schedule is 44 words for 128 bit key.
o The ordering of bytes within a matrix is by column. For example the first four bytes of
128 bit plain text, input to the encryption cipher occupy the first column of the in matrix;
the second four bytes occupy the second column and so on. Similarly the first four bytes
of the expanded key, which forms a word, occupy the first column of the w matrix.
o AES is based on a design principle known as a substitution-permutation network. It is
fast in both software and hardware. Unlike its predecessor, DES, AES does not use a
Feistel network.
o The AES cipher is specified as a number of repetitions of transformation rounds that
convert the input plaintext into the final output of cipher text. Each round consists of
several processing steps, including one that depends on the encryption key. A set of
reverse rounds are applied to transform cipher text back into the original plaintext using
the same encryption key.
The following diagram shows AES encryption and decryption.
Four different stages are used: one of permutation and three of substitution.
b) Shift rows: It is a simple permutation that is performed row by row. The Shift Rows step
operates on the rows of the state; it cyclically shifts the bytes in each row by a certain
offset. For AES, the first row is left unchanged. Each byte of the second row is shifted
one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three
respectively.
In the Shift Rows step, bytes in each row of the state are shifted cyclically to the left. The
number of places each byte is shifted differs for each row.
c) Mix columns: In the Mix Columns step, the four bytes of each column of the state are
combined using an invertible linear transformation. The Mix Columns function takes four
bytes as input and outputs four bytes, where each input byte affects all four output bytes.
Together with Shift Rows, Mix Columns provides diffusion in the cipher.
In the Mix Columns step, each column of the state is multiplied with a fixed polynomial c(x).
d) The add round key step: In the AddRoundKey step, the sub key is combined with the
state. For each round, a sub key is derived from the main key using Rijndael's key
schedule; each sub key is the same size as the state. The sub key is added by combining
each byte of the state with the corresponding byte of the sub key using bitwise XOR.
In the AddRoundKey step, each byte of the state is combined with a byte of the round sub key
using the XOR operation.
Stream ciphers and RC4:
Block Cipher: A block cipher processes the input one block of elements at a time, producing an
output block for each input block. For many applications block ciphers are in common use.
A block cipher encryption algorithm might take (for example) a 128-bit block of plaintext
and a key as input, and output a corresponding 128-bit block of ciphertext.
The exact transformation is controlled using a second input, the secret key.
Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of
ciphertext together with the secret key, and yields the original 128-bit block of plaintext.
A message longer than the block size (128 bits in the above example) can still be
encrypted with a block cipher by breaking the message into blocks and encrypting each
block individually.
However, in this method all blocks are encrypted with the same key, which degrades
security (because each repetition in the plaintext becomes a repetition in the ciphertext).
To overcome this issue, modes of operation are used to make encryption probabilistic.
Some modes of operation, despite the fact that their underlying implementation is a block
cipher, allow the encryption of individual bits. The resulting cipher is called a stream
cipher.
An early and highly influential block cipher design was the Data Encryption Standard
(DES), developed at IBM and published as a standard in 1977. A successor to DES, the
Advanced Encryption Standard (AES), was adopted in 2001.
RC5
Developed by Ron Rivest in 1994
Suitable for hardware and software
Fast, simple
Adaptable to processors of different word lengths
Variable number of rounds
Variable-length key
Low memory requirement
High security
Data-dependent rotations
Used in products from RSA Data Security
CAST-128
Key size from 40 to 128 bits
The round function differs from round to round
International Data Encryption Algorithm (IDEA)
A block cipher with block size 64 bits
128-bit key
Used in PGP
Blowfish
Easy to implement (simple structure)
High execution speed
In cryptography, a stream cipher is a symmetric key cipher where plaintext bits are
combined with a pseudorandom cipher bit stream (keystream), typically by an exclusive-or (XOR) operation.
For example: if the next byte generated by the generator is 01101100 and the next plain text byte
is 11001100, then the resulting ciphertext byte is:
    11001100   plaintext
  + 01101100   keystream
  ____________
    10100000   ciphertext
In a stream cipher the plaintext digits are encrypted one at a time, and the transformation
of successive digits varies during the encryption.
An alternative name is a state cipher, as the encryption of each digit is dependent on the
current state. In practice, the digits are typically single bits or bytes.
Stream ciphers typically execute at a higher speed than block ciphers and have lower
hardware complexity. However, stream ciphers can be susceptible to serious security
problems if used incorrectly; they are vulnerable to attack if certain precautions are not
followed: a) keys must never be used twice; b) valid encryption should never be relied on
to indicate authenticity.
the beginning of the output keystream is not discarded, or nonrandom or related keys are used;
some ways of using RC4 can lead to very insecure cryptosystems such as WEP.
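The two precautions a) and b) listed above, worked through in code. This is an added example, not part of the original notes: the keystream generator (SHA-256 over key and counter) is a toy stand-in assumed for illustration and is not RC4, the function names are hypothetical, and the messages are constructed.

```python
import hashlib
import hmac


def keystream(key, n):
    """Toy keystream generator (assumption): SHA-256(key || counter) blocks."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key, data):
    """Encrypt or decrypt: XOR the data with the keystream."""
    return xor(data, keystream(key, len(data)))


def reuse_leaks_xor(key, p1, p2):
    """Precaution a): with one key used twice the keystream cancels,
    so C1 XOR C2 equals P1 XOR P2 without the key being known."""
    return xor(stream_crypt(key, p1), stream_crypt(key, p2)) == xor(p1, p2)


def alter(ciphertext, offset, old, new):
    """Precaution b): XORing (old XOR new) into the ciphertext changes the
    decrypted text from old to new; decryption still 'succeeds'."""
    patched = bytearray(ciphertext)
    for i, d in enumerate(xor(old, new)):
        patched[offset + i] ^= d
    return bytes(patched)


def seal(enc_key, mac_key, data):
    """Encrypt, then append an HMAC-SHA256 tag over the ciphertext.
    This adds integrity only; each message still needs its own key."""
    ct = stream_crypt(enc_key, data)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def unseal(enc_key, mac_key, sealed):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = sealed[:-32], sealed[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return stream_crypt(enc_key, ct) if hmac.compare_digest(tag, good) else None
```

With the tag in place, an altered ciphertext is rejected by unseal instead of decrypting to a different message.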
CIPHER BLOCK MODES OF OPERATION:
A symmetric block cipher processes one block of data at a time. A message longer than
the block size (128 bits in the above example) can still be encrypted with a block cipher by
breaking the message into blocks and encrypting each block individually. However, in this
method all blocks are encrypted with the same key, which degrades security (because each
repetition in the plaintext becomes a repetition in the ciphertext). To overcome this issue, modes
of operation are used to make encryption probabilistic.
The disadvantage of this method is that identical plaintext blocks are encrypted into
identical cipher text blocks; thus, it does not hide data patterns well.
In some senses, it doesn't provide serious message confidentiality, and it is not
recommended for use in cryptographic protocols at all.
ECB mode can also make protocols without integrity protection even more susceptible to
replay attacks, since each block gets decrypted in exactly the same way.
CBC has been the most commonly used mode of operation. Its main drawbacks are that
encryption is sequential (i.e., it cannot be parallelized), and that the message must be padded to a
multiple of the cipher block size. One way to handle this last issue is through the method known
as ciphertext stealing.
Note that a one-bit change in a plaintext affects all following ciphertext blocks. A plaintext can
be recovered from just two adjacent blocks of ciphertext. As a consequence, decryption can be
parallelized, and a one-bit change to the cipher text causes complete corruption of the
corresponding block of plaintext, and inverts the corresponding bit in the following block of
plaintext.
PCBC is used in Kerberos v4 and WASTE, most notably, but otherwise is not common. On a
message encrypted in PCBC mode, if two adjacent cipher text blocks are exchanged, this does
not affect the decryption of subsequent blocks. For this reason, PCBC is not used in Kerberos v5.
This simplest way of using CFB described above is not any more self-synchronizing than other
cipher modes like CBC. If a whole block size of cipher text is lost both CBC and CFB will
synchronize, but losing only a single byte or bit will permanently throw off decryption. To be
able to synchronize after the loss of only a single byte or bit, a single byte or bit must be
encrypted at a time. CFB can be used this way when combined with a shift register as the input
for the block cipher.
To use CFB to make a self-synchronizing stream cipher that will synchronize for any multiple of
x bits lost, start by initializing a shift register the size of the block size with the initialization
vector. This is encrypted with the block cipher, and the highest x bits of the result are XORed
with x bits of the plaintext to produce x bits of cipher text. These x bits of output are shifted into
the shift register, and the process repeats with the next x bits of plaintext. Decryption is similar,
start with the initialization vector, encrypt, and XOR the high bits of the result with x bits of the
cipher text to produce x bits of plaintext. Then shift the x bits of the cipher text into the shift
register.
In notation, where Si is the ith state of the shift register, a << x is a shifted up x bits, head(a, x) is
the x highest bits of a and n is number of bits of IV:
If x bits are lost from the cipher text, the cipher will output incorrect plaintext until the shift
register once again equals a state it held while encrypting, at which point the cipher has
resynchronized. This will result in at most one block size of output being garbled.
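The shift-register procedure and the resynchronization claim above, for x = 8 bits. This is an added example, not part of the original notes: the function E is a keyed stand-in for block-cipher encryption (truncated HMAC-SHA256, an assumption made so the example runs with the standard library only), and the function names and sample data are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # shift register and block size in bytes (128 bits)


def E(key, block):
    """Stand-in for block-cipher encryption (assumption): HMAC-SHA256 cut
    to one block. CFB only ever uses the encrypting direction."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key, iv, plaintext):
    reg, out = iv, bytearray()            # register starts as the IV
    for p in plaintext:
        c = p ^ E(key, reg)[0]            # highest 8 bits XOR 8 plaintext bits
        out.append(c)
        reg = reg[1:] + bytes([c])        # shift the ciphertext byte in
    return bytes(out)


def cfb8_decrypt(key, iv, ciphertext):
    reg, out = iv, bytearray()
    for c in ciphertext:
        out.append(c ^ E(key, reg)[0])    # encrypt the register, never decrypt
        reg = reg[1:] + bytes([c])        # shift the received byte in
    return bytes(out)


def garbled_positions(key, iv, plaintext, lost_index):
    """Drop one ciphertext byte in transit and return the output positions
    that no longer match the plaintext that followed the lost byte."""
    ct = cfb8_encrypt(key, iv, plaintext)
    damaged = ct[:lost_index] + ct[lost_index + 1:]
    got = cfb8_decrypt(key, iv, damaged)
    expected = plaintext[:lost_index] + plaintext[lost_index + 1:]
    return [i for i, (a, b) in enumerate(zip(got, expected)) if a != b]


if __name__ == "__main__":
    # Constructed sample values
    key, iv, msg = b"k" * 16, bytes(range(16)), bytes(range(64))
    print(garbled_positions(key, iv, msg, 20))
```

Every garbled position falls within the BLOCK bytes after the lost one; once the register has been refilled with correctly received ciphertext, the output is correct again.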
Like CBC mode, changes in the plaintext propagate forever in the cipher text, and encryption
cannot be parallelized. Also like CBC, decryption can be parallelized. When decrypting, a one-bit change in the cipher text affects two plaintext blocks: a one-bit change in the corresponding
plaintext block, and complete corruption of the following plaintext block. Later plaintext blocks
are decrypted normally.
CFB shares two advantages over CBC mode with the stream cipher modes OFB and CTR: the
block cipher is only ever used in the encrypting direction, and the message does not need to be
padded to a multiple of the cipher block size (though cipher text stealing can also be used to
make padding unnecessary).
Location of Encrypting Devices:
In network security the most powerful and common approach to avoid threats to the network is
encryption. In encryption we need to decide what to encrypt and where the encryption gear
should be located.
KEY DISTRIBUTION:
In symmetric key cryptography, both parties must possess a secret key which they must
exchange prior to using any encryption, and the key must be protected from access by others.
Distribution of secret keys can be achieved in a number of ways for two parties A and B.
1. A key could be selected by A and physically delivered to B.
2. A third party could select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party could transmit the new key
to the other, encrypted using the old key.
4. If A and B each have an encrypted connection to a third party C, C could deliver a
key on the encrypted links to A and B.
Here options 1 and 2 are called manual delivery of a key, which is not always advisable. Option
3 is possible for either link encryption or end-to-end encryption. To provide keys for end-to-end
encryption, option 4 is preferable.
The following figure illustrates an implementation that satisfies option 4 for end-to-end
encryption. For this scheme two kinds of keys are needed.
1. Session key: Data is encrypted with a one-time session key. At the conclusion of the
session the key is destroyed.
2. Permanent key: Used between entities for the purpose of distributing session keys.