aforajayshahnirma.wordpress.com stream cipher a stream cipher is one that encrypts a digital data...

Information Security

Prepared By: Prof. Ajaykumar T. ShahAforajayshahnirma.wordpress.com

Aforajayshahnirma.wordpress.com

Stream Cipher

• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.

• Examples: One Time Pad.• In which the keystream ki is as long as the plaintext bit

stream pi . • If the cryptographic key stream is random, then this cipher is

unbreakable by any means other than acquiring the key stream.

• However, the key stream must be provided to both users in advance via some independent and secure channel.

Block Cipher

• A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal length.

• Typically, a block size of 8 or 64 bytes is used. • As same as stream cipher, the two users share a symmetric

encryption key. • Plaintext: 227 bytes Block size: 16 bytes

=227/16 = 14 blocks & 3 bytes• Total Blocks 15 in which last block contain 3 bytes and

padding bytes


http://ajpatelit.hpage.com

http://ajpatelit.hpage.com/

Difference

Stream Cipher Block CipherStream cipher operates on smaller Units of Plaintext

Block cipher operates on larger block of data

Faster than block cipher Slower than Stream Cipher

Stream cipher processes the input element continuously producing output one element at a time

Block cipher processes the input one block of element at a time, producing an output block for each input block

Require less code Requires more code

Only one time of key used. Reuse of key is possible

Ex: One time pad Ex: DES (Data Encryption Standard)

Application: SSL (secure connection on the web)

Application: Database, file encryption.

Stream cipher is more suitable for hardware implementation

Easier to implement in software.


Generate n-bit-n-bit block Substitution


Feistel Cipher Structure

• Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding cipher text element or group of elements.

• Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the sequence is changed.


Feistel Cipher Structure cont…

Parameters and Design Features

I. Block SizeIf Larger block is used security is greater but speed is reduced, normal 64 bit is used in block cipher method

II. Key SizeIf Larger key is used security is greater but speed is reduced, default key length is 128 bits.

III. Number of RoundsSecurity is increased by increasing the no. of rounds but typical size is 16 rounds.

IV. Subkey generationV. Round Function


Diffusion and Confusion

Diffusion• To make the statistical relationship between the plaintext

and cipher text as complex as possible in order to thwart attempts to discover the key.

• Can be achieved by a Permutation followed by a function

Confusion• To make the relationship between the statistics of the cipher

text and the value of the encryption key as complex as possible to thwart attempts to discover the key.

• Can be achieved by a Substitution.


• DES Encryption

Initial Permutation

Details of Single Round

Key Generation

• The Avalanche Effect

Data Encryption Standard (DES)


The permutation • X = IP(M)

The inverse permutation • Y = IP-1(X) = IP-1(IP(M)) • The original ordering

is restored

Initial Permutation


Single Round

F function • Ri-1 is expanded to

48-bits using E. • The result is XORed

with the 48-bit round key.

• The 48-bit is substituted by a 32-bit.

• The 32-bit is permuted by P.

E-Step

• First divide the 32-bit block into eight 4-bit words.

• Attach an additional bit on the left to each 4-bit word that is the last bit of the previous 4-bit word.

• Attach an additional bit to the right of each 4-bit word that is the beginning bit of the next 4-bit word.


Expansion E

• 32 bits 48 bits• 16 bits are

reused.

Permutation P

E-Step Cont…


Substitution• 48 bits 32 bits• 8 S-boxes• Each S-box get 6 bits and

Output 4 bits.

E-Step with S Boxes Cont…



Single Round of DES Algorithm


S-Boxes



I. Outer bits 1 & 6 (rowbits) select one rows II. Inner bits 2-5 (colbits) are substituted

Example : Input : 011001• The row is 01 (row 1)• The column is 1100 (column 12)• Output is 1001

Working of S-Boxes


Key Generation

• A 64-bit key used as input Every 8th bit is ignored. Thus, the key is 56 bits.

• PC1 permute 56 bits intotwo 28-bit halves.


DES Decryption

Decryption uses the same algorithm as encryption.

I. Feistel cipher

II. Round key schedule is reversed.


The Avalanche Effect

A small change of plaintext or key produces a significant change in the cipher text.

DES exhibits a strong avalanche effect.


The Avalanche Effect cont…

Example


The Strength of DES

The Use of 56-bit keys

The Nature of the DES Algorithm

Timing Attacks


The Use of 56-bits Keys

• If the key length is 56-bit, we have 256= 7.2 x 1016 keys• A single m/c performing one DES encryption / microsecond

takes more than 1000 yrs to break the cipher. (brute-force attack becomes impractical)

• Diffie and Hellman - the same can be possible if we implement it by using parallel m/c with 1 million devices it takes 10 hours but the cost for developing it is too high ($20 million dollars)

• In 1998, Electronic Frontier Foundation (EFF) announced ‘DES cracker’ which can attack DES in 3 days.

• It was built for less than $250,000.• EEF has published their detailed description of the M/C ,

enabling others to build their own crackers (making DES virtually worthless)


Strength…

• Plain text Only English - easily automated Has compressed before encryption - difficult to

automate Data with numeric values - more difficult to

automate • To supplement brute force attack some degree of

knowledge about plaintext is required.• EEF addressed an alternatives to DES

AES(key size is 128 ~ 256 bit) and triple DES (112 ~ 168 bit)


Nature of DES

• Possibilities of cryptanalysis is done by

finding the characteristics of DES Algorithm

• Learning of S-Box logic is complex

• Weakness of S-Box has not been discovered


Block Cipher Design Principles

Criteria for S- Boxes.

1. No output bit of any S-box should be too close a linear function of the input bits. Specifically, if we select any output bit and any subset of the six input bits, the fraction of inputs for which this output bit equals the XOR of these input bits should not be close to 0 or 1, but rather should be near 1/2.

2. Each row of an S-box should include all 16 possible output bit combinations.

3. If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least two bits.


4. If two inputs to an S-box differ in the two middle bits exactly, the outputs must differ in at least two bits.

5. If two inputs to an S-box differ in their first two bits and are identical in their last two bits, the two outputs must not be the same.

6. For any nonzero 6-bit difference between inputs, no more than eight of the 32 pairs of inputs exhibiting that difference may result in the same output difference.

7. This is a criterion similar to the previous one, but for the case of three S-boxes.

Block Cipher Design Principles


Cipher Block Modes of Operations

Electronic Code Book (ECB)

Cipher Block Chaining Mode (CBC)

Cipher Feedback Mode (CFB)

Counter Mode



Plaintext is handled one block at a time and each block of plaintext is encrypted using the same key. The term codebook is used because, for a given key, there is a unique cipher text for every bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible -bit plaintext pattern showing its corresponding cipher text.


• The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES or AES key securely, ECB is the appropriate mode to use.

• The most significant characteristic of ECB is that if the same bit block of plaintext appears more than once in the message, it always produces the same cipher text.

• For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.



Cipher Block Changing Mode (CBC)

A simple way to satisfy this requirement is the cipher block chaining (CBC) mode.In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding cipher text block; the same key is used for each block.For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding cipher text block to produce the plaintext block. To see that this works, we can write



Initialization Vector


Cipher Feedback Block (CFB)

• The input to the encryption function is a -bit shift register that is initially set to some initialization vector (IV).

• The leftmost (most significant) bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of cipher text C1, which is then transmitted.

• In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted.


Cipher Feedback Block (CFB)


The counter is encrypted and then XORed with the plaintext block to produce the cipher text block; there is no chaining.

For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a cipher text block to recover the corresponding plaintext block. Thus, the initial counter value must be made available for decryption.

Counter Mode


Counter Mode


Cryptanalytic Attacks.

Ciphertext-only attack

Known-plaintext attack

Chosen-plaintext attack

Adaptive chosen plaintext attack


Ciphertext only attack

• The cryptanalyst has the cipher text of several messages, of all of which have been encrypted using the same encryption algorithm.

• The analyst may be able to capture one or more plaintext message as well as their encryptions.

• Better yet to assume the key used to encrypt the messages, in order to decrypt other messages encrypted with the same key.


Known Plaintext attack

• The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages

• Job is to deduce the key used to encrypt the messages.

• OR an algorithm to decrypt any new messages encrypted with the same key.

• It is also referred to as a probable word attack.


Chosen Plaintext attack

• This is more powerful than a known plaintext attack because the cryptanalyst can chose specific plaintext blocks to encrypt.

• The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext that gets encrypted.


Adaptive Chosen Plaintext attack

• Not only can the cryptanalyst choose the plaintext that is encrypted , but he can also modify his choice based on the result of the previous encryption.

• A cryptanalyst might just be able to choose one large block of the plaintext to be encrypted – in chosen plaintext attack.



Double DES

The simplest form of multiple encryption has two encryption stages and two keys. Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as

C = E(K2, E(K1, P))

Decryption requires that the keys be applied in reverse order:

P = D(K1, D(K2, C))



Triple DES

The simplest form of multiple encryption has three encryption stages and three keys. Given a plaintext P and three encryption keys K1, K2 and K3, ciphertext C is generated as

C = E(K3, D(K2, E(K1, P)))

Decryption Process is shown below

P = D(K3, E(K2, D(K1, P)))


International Data Encryption Algorithm

• IDEA is Block Cipher.• Works on 64 bits plaintext blocks.• Key is longer and consist of 128 bits.• IDEA use Diffusion and Confusion for Encryption.• Plaintext = 64 bits• Total 4 block of Plaintext each containing 16bits.

Plaintext = (p1,p2,p3,p4)• Eight Round in Algorithm. 6 sub key is generated in each

such round from the original key.


Round 1

Round 2

Input Plaintext(64 bits)

P1 (16 bits) P2 (16 bits) P3 (16 bits) P4 (16 bits)

K1

K6K7

K12

Round 8

Output Transformation

K43

K48K49

K52

. . .

C1 (16 bits) C2 (16 bits) C3 (16 bits) C4 (16 bits)

Input Ciphertext(64 bits)

BLOCK

DIAGRAM

Details of Single Round in IDEAStep1: Multiply P1 and K1 (P1 * K1)Step2: Add P2 and K2 (P2 + K2)Step3: Add P3 and K3 (P3 + K3)Step4: Multiply P4 and K4 (P4 * K4)Step5: XOR the result of step 1 and step 3Step6: XOR the result of step 2 and step 4Step7: Multiply the result of step 5 with K5.Step8: Add the result of step 6 and step 7.Step9: Multiply the result of step 8 with K6.Step10: Add the result of step 7 and step 9.Step11: XOR the result of step 1 and step 9.Step12: XOR the result of step 3 and step 9.Step13: XOR the result of step 2 and step 10.Step14: XOR the result of step 4 and step 10.


Structure of Single Round in IDEAP1 P2 P3 P4

C1 C2 C3 C4

XOR

MULTIPLICATION

ADD

Strength of IDEA

• IDEA uses a 128 bits key, which is double than the key size of DES.

• Thus, to break into IDEA, 2128 (i.e. 1038) encryption operations would be required.

• As before, even if we assume that to obtain the correct key, only half of the possible keys need to be examined and tried out, a single computer performing one IDEA encryption per microsecond would require more than 5400000000000000000000000 years to break IDEA!


RC

• RC4 was designed by Ron Rivest of RSA Security in 1987.• RC4 is known as “Rivest Cipher 4”.• RC5 is the modified version of RC4.

o Word Size in bits (Encry 2-word blocks at a time): 16, 32, 64o No. of Rounds: 0-255o No. 0f 8-bit Bytes in the key: 0-255


RC5

• RC5 use only primitive computer operations such as addition, substation, XOR, shift, etc.

• RC5 requires less memory for execution and therefore suitable not only for desktop computer but also for smart cards and other devices that have a small memory capacity.

Parameter Allowed Values

Word size in bits (RC5 encrypt 2 word at a time) 16, 32, 64

Number of Rounds 0-255

Number of 8-bit bytes in the key 0-255



Encryption using RC5



Key Generation in RC5


BLOWFISH

Blowfish was design on the following objectives:

FAST: Blowfish encryption rate on 32-bit microprocessors is 26 clock cycles per byte.

COMPACT: Blowfish can execute in less than 5kb memory.

SIMPLE: Blowfish uses only primitives operations, such as addition XOR, and table lookup, making its design and implementation simple.

SECURE: Blowfish has a variable key length up to a maximum of 448 bits long, making it both flexible and secure.



BLOWFISH Encryption


Function F in Blowfish


Advance Encryption Standard

AES Evaluation• Security:

I. Actual Security compared to other submitted standard.II. Randomness: The extent to which the algorithm output

indistinguishable from a random permutation on the input block.

III. Soundness of the mathematical basis for the algorithm’s security.


• Cost:I. Licensing requirements: When the AES is issued, the

algorithm specified the AES shall be available on a worldwide, non –exclusive, royalty free basis.

II. Computational efficiency: The evaluation of computational efficiency will be applicable to both hardware and software implementation.

III. Memory requirements: The memory requirement for implementing the algorithm in hardware and software will be considered.



• Algorithm and Implementation characteristics: This category includes a variety of considerations, including flexibility; suitability for a variety of hardware and software implementations; and simplicity, which will make an analysis of security more straight forward.




• General Security• Software implementations• Restricted-space environments• Hardware implementations• Attacks on implementations• Encryption versus decryption• Key agility• Other versatility and flexibility• Potential for instruction-level parallelism


AESEncryption

ProcessState

AES Round Contains

I. Byte SubstitutionII. Row ShiftIII. Column mixingIV. Round Key Addition


AES Data Structure


AESEncryption

And Decryption

AESBitesLevel

Operations

Shift Row Transformation

AES Row and Column Operations


Shift Column Transformation


Random Number

A number of network security algorithms and protocols based on cryptography make use of random binary numbers:• Key distribution and reciprocal authentication schemes• Session key generation• Generation of keys for the RSA public-key encryption

algorithm• Generation of a bit stream for symmetric stream encryption

There are two distinct requirements for a sequence of random numbers:

Randomness

Unpredictability

Randomness

The generation of a sequence of allegedly random numbers being random in some well-defined statistical sense has been a concern

Two criteria are used to validate that a sequence of numbers is random:

Uniform distribution• The frequency of occurrence of ones and zeros should

be approximately equal

Independence• No one subsequence in the sequence can be inferred

from the others


Unpredictability

The requirement is not just that the sequence of numbers be statistically random, but that the successive members of the sequence are unpredictableWith “true” random sequences each number is statistically independent of other numbers in the sequence and therefore unpredictable

True random numbers have their limitations, such as inefficiency, so it is more common to implement algorithms that generate sequences of numbers that appear to be randomCare must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements


Cryptographic applications typically make use of algorithmic techniques for random number generation.

These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random.

If the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.

Pseudorandom numbers


True Random Number Generator (TRNG)

A TRNG takes as input a source that is effectively random; the source is often referred to as an entropy source. In essence, the entropy source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock. The source, or combination of sources, serve as input to an algorithm that produces random binary output. The TRNG may simply involve conversion of an analog source to a binary output. The TRNG may involve additional processing to overcome any bias in the source;


True Random Number Generator (TRNG)


Pseudorandom Number Generator (PRNG)

PRNG takes as input a fixed value, called the seed, and produces a sequence of output bits using a deterministic algorithm. Typically, as shown, there is some feedback path by which some of the results of the algorithm are feed back as input as additional output bits are produced. The important thing to note is that the output bit stream is determined solely by the input value or values, so that an adversary who knows the algorithm and the seed can reproduce the entire bit stream.


End of the Unit-2


aforajayshahnirma.wordpress.com stream cipher a stream cipher is one that encrypts a digital data...

Documents