Topic Contents

5.1 Introduction
5.2 Symmetric Data Encryption with Private Key
5.2.1 Digital Encryption Standard
5.2.2 Triple DES Encryption
5.2.3 Advanced Encryption Standard
5.3 Public Key Encryption
5.3.1 RSA Encryption Scheme
5.3.2 Diffie-Hellman Key Exchange Algorithm
5.3.3 Combining RSA with DES
5.4 Public Key Certifying Authority
5.5 Digital Signature
E-Commerce and E- Governance

Lecture 4
SECURE MESSAGING
5.1 Introduction

Security of transactions between customers and vendors in e-

commerce is a paramount importance. There are several
types of threat which may arise. Some of these are :

Attempt to access a web site and modify/destroy its contents

Attempt to access a web site and read confidential
information such as credit card numbers and company payroll
data.
Send malicious programs such as viruses, worms and
Trojans to a web server by a browser.

3
4
5
6
5.2 SYMMETRIC DATA ENCRYPTION
WITH PRIVATE KEY

7
 Cryptography
Basic idea: convert clear text (also called plain text
the original message) to ciphertext (the encrypted
message)
ciphertext = encrypt(plaintext, KE)
plaintext = decrypt(ciphertext, KC)

Can either make the encryption process hidden, so

that an intruder cannot know it
Or, can use a known technique and use a hidden key

8
 Some Basic Terminology
plaintext - original message

ciphertext - coded message

cipher - algorithm for transforming plaintext to ciphertext

key - info used in cipher known only to sender/receiver

encipher (encrypt) - converting plaintext to ciphertext

decipher (decrypt) - recovering ciphertext from plaintext

cryptography - study of encryption principles/methods

cryptanalysis (codebreaking) - study of principles/ methods of

deciphering ciphertext without knowing key
cryptology - field of both cryptography and cryptanalysis
9
10
Number of keys used (Secret-Key
Cryptography)
traditional secret/single key cryptography
uses one key
shared by both sender and receiver
if this key is disclosed communications are
compromised
also is symmetric, parties are equal
hence does not protect sender from receiver
forging a message & claiming is sent by sender

11
Symmetric Encryption

12
 Public-Key Cryptography
probably most significant advance in the 3000 year
history of cryptography
uses two keys a public & a private key
asymmetric since parties are not equal
uses clever application of number theoretic concepts to
function
complements rather than replaces secret key
cryptography

13
 Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the
use of two keys:
a public-key, which may be known by anybody, and can be
used to encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures cannot
decrypt messages or create signatures

14
Public-Key Cryptography

15
 Modern Block Ciphers
Block ciphers are among the most widely
used types of cryptographic algorithms
provide secrecy and/or authentication services
in particular will introduce DES (Data
Encryption Standard)

16
 Block vs Stream Ciphers
block ciphers process messages in blocks, each
of which is then en/decrypted
like a substitution on very big characters
64-bits or more
stream ciphers process messages a bit or byte
at a time when en/decrypting
many current ciphers are block ciphers
broader range of applications

17
18
19
Block Cipher

20
 Block Cipher Principles
most symmetric block ciphers are based on a
Feistel Cipher Structure
needed since must be able to decrypt
ciphertext to recover messages efficiently
block ciphers look like an extremely large
substitution
would need table of 264 entries for a 64-bit
block
instead create from smaller building blocks
using idea of a product cipher
21
 Claude Shannon and Substitution-
Permutation Ciphers
Claude Shannon introduced idea of
substitution-permutation (S-P) networks in
1949 paper
form basis of modern block ciphers
S-P nets are based on the two primitive
cryptographic operations seen before:
substitution (S-box)
permutation (P-box)
provide confusion & diffusion of message &
key
22
 Confusion and Diffusion
cipher needs to completely obscure statistical
properties of original message
a one-time pad does this
more practically Shannon suggested combining S & P
elements to obtain:
diffusion dissipates statistical structure of plaintext
over bulk of ciphertext
confusion makes relationship between ciphertext
and key as complex as possible

23
 Feistel Cipher Structure
Horst Feistel devised the feistel cipher
based on concept of invertible product cipher
partitions input block into two halves
process through multiple rounds which
perform a substitution on left data half
based on round function of right half & subkey
then have permutation swapping halves
implements Shannons S-P net concept

24
25
Feistel Cipher Structure

26
 Feistel Cipher Structure

Block size: larger block sizes mean greater security

Key Size: larger key size means greater security
Number of rounds: multiple rounds offer increasing
security
Subkey generation algorithm: greater complexity will
lead to greater difficulty of cryptanalysis.
Fast software encryption/decryption: the speed of
execution of the algorithm becomes a concern

27
Feistel Cipher Decryption

28
5.2.1 Digital Encryption Standard
DES Encryption Overview

29
DES

30
 DES Round Structure
uses two 32-bit L & R halves
as for any Feistel cipher can describe as:
Li = Ri1
Ri = Li1 F(Ri1, Ki)
F takes 32-bit R half and 48-bit subkey:
expands R to 48-bits using perm E
adds to subkey using XOR
passes through 8 S-boxes to get 32-bit result
finally permutes using 32-bit perm P
31
32
 Initial Permutation IP
first step of the data computation
IP reorders the input data bits
even bits to LH half, odd bits to RH half
The values in each matrix identify where each
bit of the input message is mapped to in the
output message. For example, The matrix for
IP shows that the 58th bit from the input gets
mapped to the first bit of the output; the 50th of
the input maps to the second of the output, and
so on. 33
 S-Boxes
The resulting 48 bits are XORed with key.
This 48 bit result passes through a substitution function
comprising 8 S-boxes.
Which each map 6 input bits to 4 output bits.

Given 6-bits B=b1b2b3b4b5b6,

Row r=b1b6
Column c=b2b3b4b5
S(B)=S(r,c) written in binary of length 4

34
DES Round Structure

35
 DES Key Schedule
The 64 bit key input is first processed by permuted choice
One.
The resulting 56-bit key is then treated as two 28-bit
quantities C and D.
In each round forms subkeys
rotating each half separately either 1 or 2 places depending
on the key rotation schedule K
selecting 24-bits from each half & permuting them by
PC2 for use in round function F
note practical use issues in h/w vs s/w

36
 DES Decryption
decrypt must unwind steps of data computation
with Feistel design, do encryption steps again using subkeys
in reverse order (SK16 SK1)
IP undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round
.
16th round with SK1 undoes 1st encrypt round
then final FP undoes initial encryption IP
thus recovering original data value

37
Possible Techniques for Improving
DES

Multiple enciphering with DES

Extending DES to 128-bit data paths and
112-bit keys
Extending the key expansion calculation

38
 Double DES?
Using two encryption stages and two keys
C=Ek2(Ek1(P))
P=Dk1(Dk2(C))
It is proved that there is no key k3 such that
C=Ek2(Ek1(P))=Ek3(P)
But Meet-in-the-middle attack

39
 Meet-in-the-Middle Attack
Assume C=Ek2(Ek1(P))
Given the plaintext P and ciphertext C
Encrypt P using all possible keys k1
Decrypt C using all possible keys k2
Check the result with the encrypted plaintext lists
If found match, they test the found keys again for
another plaintext and ciphertext pair
If it turns correct, then find the keys
Otherwise keep decrypting C

40
 Triple DES
DES variant
Standardized in ANSI X9.17 & ISO 8732 and
in PEM for key management
Proposed for general EFT standard by ANSI
X9
Backwards compatible with many DES
schemes
Uses 2 or 3 keys
Cryptography and Network Security
41
3DES

42
 Cont.
No known practical attacks
Brute force search impossible (very hard)
Meet-in-the-middle attacks need 256
Plaintext-Ciphertext pairs per key
Popular current alternative

Cryptography and Network Security 43

 Why Triple-DES?
why not Double-DES?
NOT same as some other single-DES use, but have
meet-in-the-middle attack
works whenever use a cipher twice
since X = EK1[P] = DK2[C]
attack by encrypting P with all keys and store
then decrypt C with keys and match X value
can show takes O(256) steps
 Triple-DES with Three-Keys
although are no practical attacks on two-key
Triple-DES have some indications
can use Triple-DES with Three-Keys to avoid
even these
C = EK3[DK2[EK1[P]]]
has been adopted by some Internet
applications
5.2.3 Advanced Encryption Standard
The AES Cipher - Rijndael
designed by Rijmen-Daemen in Belgium
has 128/192/256 bit keys, 128 bit data
an iterative rather than feistel cipher
processes data as block of 4 columns of 4 bytes
operates on entire data block in every round
designed to be:
resistant against known attacks
speed and code compactness on many CPUs
design simplicity
 Final NIST Evaluation of Rijndael
General Security: Rijndael has no known security attacks. It appears to
have an adequate security margin, but has received some criticism
suggesting that its mathematical structure may lead to attacks.
Software Implementations: Rijndael performs encryption and decryption
very well across a variety of platforms. However, there is a decrease in
performance with higher key sizes because of the increased number of
rounds that are performed. Rijndaels high inherent parallelism facilitates
the efficient use of processor resources. Rijndaels key setup time is fast.
Restricted Space Environments: Rijndael is very well suited for
restricted-space environments where either encryption or decryption is
implemented (but not both). It has very low RAM and ROM requirements.
A drawback is that ROM requirements will increase if both encryption and
decryption are implemented simultaneously.
Hardware Implementation: Rijndael has the highest throughput of any of
the finalists for feedback modes and second highest for non-feedback
modes. For the 192 and 256 bit key sizes, throughput falls in standard and
unrolled implementations because of the additional rounds.
 Final NIST Evaluation of Rijndael
Attacks on Implementations: The operations used by Rijndael are among
the easiest to defend against power and timing attacks. The use of masking
techniques to provide Rijndael with some defense against these attacks
does not cause significant performance degradation relative to the other
finalists, and its RAM requirement remains reasonable.
Encryption vs. Decryption: The encryption and decryption functions in
Rijndael differ. The implementation of both encryption and decryption
takes about 60% more space than the implementation of encryption alone.
Rijndaels speed does not vary significantly between encryption and
decryption, although the key setup performance is slower for decryption
than for encryption.
Key Agility: Rijndael requires a one-time execution of the key schedule to
generate all subkeys prior to the first decryption with a specific key. This
places a slight resource burden on the key agility of Rijndael.
 Final NIST Evaluation of Rijndael
Other Versatility and Flexibility: Rijndael fully supports block sizes of
128 bits, 192 bits and 256 bits, in any combination. In principle, the
Rijndael structure can accommodate any block sizes and key sizes that are
multiples of 32, as well as changes in the number of rounds that are
specified.
Potential for Instruction-level Parallelism: Rijndael has an excellent
potential for parallelism for a single block encryption.
Rijndael
Rijndael, the Advanced Encryption Standard, is a symmetric block
cipher.
It uses the same key between sender and receiver to encrypt and
decrypt the message.
key is expanded to array of words
has 10/12/14 rounds in which state undergoes:
byte substitution (1 S-box used on every byte)
shift rows (permute bytes between groups/columns)
mix columns (subs using matrix multipy of groups)
add round key (XOR state with key material)
Rijndael
AES Key
AES key is either 128 bits, 192 bits or 256 bits
128 bits (4 words):
11223344556677889900AABBCCDDEEFF

11 22 33 44
55 66 77 88
99 00 AA BB
CC DD EE FF
AES Key
or 192 bits (6 words) or 256 bits (8 words)
1122334455667788 1122334455667788
9900AABBCCDDEEFF 9900AABBCCDDEEFF
1122334455667788 1122334455667788
9900AABBCCDDEEFF
11 22 33 44 11 22 33 44
55 66 77 88
55 66 77 88
99 00 AA BB
99 00 AA BB CC DD EE FF
CC DD EE FF 11 22 33 44
11 22 33 44 55 66 77 88
55 66 77 88 99 00 AA BB
CC DD EE FF
Byte Substitution
a simple substitution of each byte
uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
each byte of state is replaced by byte indexed by row
(left 4-bits) & column (right 4-bits)
eg. byte {95} is replaced by byte in row 9 column 5
which has value {2A}
designed to be resistant to all known attacks
Byte Substitution
Shift Rows
a circular byte shift in each each
1st row is unchanged
2nd row does 1 byte circular shift to left
3rd row does 2 byte circular shift to left
4th row does 3 byte circular shift to left
decrypt inverts using shifts to right
since state is processed by columns, this step
permutes bytes between the columns
Mix Columns
each column is processed separately
each byte is replaced by a value dependent on all 4 bytes
in the column
effectively a matrix multiplication in GF(28) using prime
poly m(x) =x8+x4+x3+x+1
Mix Columns
AES Round
THANKS

65
65