Information Security
Prepared By: Prof. Ajaykumar T. Shah
Aforajayshahnirma.wordpress.com
Stream Cipher
• A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
• Example: One-Time Pad, in which the keystream ki is as long as the plaintext bit stream pi.
• If the cryptographic keystream is random, then this cipher is unbreakable by any means other than acquiring the keystream.
• However, the key stream must be provided to both users in advance via some independent and secure channel.
Block Cipher
• A block cipher is one in which a block of plaintext is treated as a whole and used to produce a cipher text block of equal length.
• Typically, a block size of 8 or 64 bytes is used.
• As with a stream cipher, the two users share a symmetric encryption key.
• Plaintext: 227 bytes, block size: 16 bytes
  227/16 = 14 blocks and 3 bytes
• Total blocks: 15, in which the last block contains 3 bytes and padding bytes.
http://ajpatelit.hpage.com
Difference

Stream Cipher | Block Cipher
--- | ---
Operates on smaller units of plaintext | Operates on larger blocks of data
Faster than block cipher | Slower than stream cipher
Processes the input elements continuously, producing output one element at a time | Processes the input one block of elements at a time, producing an output block for each input block
Requires less code | Requires more code
Key is used only one time | Reuse of key is possible
Ex: One-time pad | Ex: DES (Data Encryption Standard)
Application: SSL (secure connection on the web) | Application: Database, file encryption
More suitable for hardware implementation | Easier to implement in software
Generate n-bit-n-bit block Substitution
Feistel Cipher Structure
• Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding cipher text element or group of elements.
• Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no elements are added or deleted or replaced in the sequence, rather the order in which the elements appear in the sequence is changed.
Feistel Cipher Structure cont…
Parameters and Design Features
I. Block Size: If a larger block is used, security is greater but speed is reduced; normally a 64-bit block is used in block cipher methods.
II. Key Size: If a larger key is used, security is greater but speed is reduced; the default key length is 128 bits.
III. Number of Rounds: Security is increased by increasing the number of rounds, but the typical size is 16 rounds.
IV. Subkey Generation
V. Round Function
Diffusion and Confusion
Diffusion
• To make the statistical relationship between the plaintext and cipher text as complex as possible in order to thwart attempts to discover the key.
• Can be achieved by a permutation followed by a function.
Confusion
• To make the relationship between the statistics of the cipher text and the value of the encryption key as complex as possible to thwart attempts to discover the key.
• Can be achieved by a substitution.
Data Encryption Standard (DES)
• DES Encryption
  o Initial Permutation
  o Details of Single Round
  o Key Generation
• The Avalanche Effect
Initial Permutation
• The permutation: X = IP(M)
• The inverse permutation: Y = IP^-1(X) = IP^-1(IP(M))
• The original ordering is restored.
Single Round
F function
• Ri-1 is expanded to 48 bits using E.
• The result is XORed with the 48-bit round key.
• The 48-bit result is substituted by a 32-bit value.
• The 32-bit value is permuted by P.
E-Step
• First divide the 32-bit block into eight 4-bit words.
• Attach an additional bit on the left to each 4-bit word that is the last bit of the previous 4-bit word.
• Attach an additional bit to the right of each 4-bit word that is the beginning bit of the next 4-bit word.
E-Step Cont…
Expansion E
• 32 bits → 48 bits
• 16 bits are reused.
Permutation P
E-Step with S Boxes Cont…
Substitution
• 48 bits → 32 bits
• 8 S-boxes
• Each S-box gets 6 bits and outputs 4 bits.
S-Boxes
Working of S-Boxes
I. Outer bits 1 & 6 (row bits) select one row.
II. Inner bits 2-5 (column bits) are substituted.
Example: Input: 011001
• The row is 01 (row 1)
• The column is 1100 (column 12)
• Output is 1001
Key Generation
• A 64-bit key is used as input. Every 8th bit is ignored. Thus, the key is 56 bits.
• PC1 permutes the 56 bits into two 28-bit halves.
DES Decryption
Decryption uses the same algorithm as encryption.
I. Feistel cipher
II. Round key schedule is reversed.
The Avalanche Effect
A small change of plaintext or key produces a significant change in the cipher text.
DES exhibits a strong avalanche effect.
The Avalanche Effect cont…
Example
The Strength of DES
The Use of 56-bit keys
The Nature of the DES Algorithm
Timing Attacks
The Use of 56-bit Keys
• If the key length is 56 bits, we have 2^56 = 7.2 x 10^16 keys.
• A single machine performing one DES encryption per microsecond takes more than 1000 years to break the cipher (a brute-force attack becomes impractical).
• Diffie and Hellman: the same can be possible if we implement it using a parallel machine with 1 million devices; it takes 10 hours, but the cost of developing it is too high ($20 million).
• In 1998, the Electronic Frontier Foundation (EFF) announced a ‘DES cracker’ which can attack DES in 3 days.
• It was built for less than $250,000.
• EFF has published a detailed description of the machine, enabling others to build their own crackers (making DES virtually worthless).
Strength…
• Plaintext
  o Only English: easily automated
  o Compressed before encryption: difficult to automate
  o Data with numeric values: more difficult to automate
• To supplement a brute-force attack, some degree of knowledge about the plaintext is required.
• EFF addressed alternatives to DES: AES (key size is 128 ~ 256 bits) and triple DES (112 ~ 168 bits).
Nature of DES
• Cryptanalysis may be possible by finding the characteristics of the DES algorithm.
• Learning the S-box logic is complex.
• A weakness of the S-boxes has not been discovered.
Block Cipher Design Principles
Criteria for S-Boxes
1. No output bit of any S-box should be too close to a linear function of the input bits. Specifically, if we select any output bit and any subset of the six input bits, the fraction of inputs for which this output bit equals the XOR of these input bits should not be close to 0 or 1, but rather should be near 1/2.
2. Each row of an S-box should include all 16 possible output bit combinations.
3. If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least two bits.
4. If two inputs to an S-box differ in the two middle bits exactly, the outputs must differ in at least two bits.
5. If two inputs to an S-box differ in their first two bits and are identical in their last two bits, the two outputs must not be the same.
6. For any nonzero 6-bit difference between inputs, no more than eight of the 32 pairs of inputs exhibiting that difference may result in the same output difference.
7. This is a criterion similar to the previous one, but for the case of three S-boxes.
Cipher Block Modes of Operations
Electronic Code Book (ECB)
Cipher Block Chaining Mode (CBC)
Cipher Feedback Mode (CFB)
Counter Mode
Electronic Code Book (ECB)
Plaintext is handled one block at a time and each block of plaintext is encrypted using the same key. The term codebook is used because, for a given key, there is a unique cipher text for every bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible -bit plaintext pattern showing its corresponding cipher text.
• The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES or AES key securely, ECB is the appropriate mode to use.
• The most significant characteristic of ECB is that if the same bit block of plaintext appears more than once in the message, it always produces the same cipher text.
• For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.
Cipher Block Chaining Mode (CBC)
A simple way to satisfy this requirement is the cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding cipher text block; the same key is used for each block. For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding cipher text block to produce the plaintext block. To see that this works, we can write
Cipher Feedback Block (CFB)
• The input to the encryption function is a -bit shift register that is initially set to some initialization vector (IV).
• The leftmost (most significant) bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of cipher text C1, which is then transmitted.
• In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted.
Counter Mode
The counter is encrypted and then XORed with the plaintext block to produce the cipher text block; there is no chaining.
For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a cipher text block to recover the corresponding plaintext block. Thus, the initial counter value must be made available for decryption.
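The Feistel structure (decryption is the same algorithm with the round keys reversed) and the ECB, CBC and counter modes described above, as one added example that is not part of the original slides. A toy 64-bit Feistel cipher with an HMAC-SHA256 round function stands in for DES; the key schedule, function names, key, IV and sample message are all constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK = 8            # toy block size in bytes (64 bits)
HALF = BLOCK // 2

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key: bytes, rounds: int = 16) -> list:
    # Assumed key schedule for the demo: one HMAC-derived subkey per round.
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(rounds)]

def feistel(block: bytes, subkeys: list) -> bytes:
    """Feistel network; pass the subkeys in reverse order to decrypt."""
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        f_out = hmac.new(k, right, hashlib.sha256).digest()[:HALF]  # round function F
        left, right = right, xor(left, f_out)
    return right + left   # final swap lets the same code undo itself

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, ks: list) -> bytes:
    # Every block is encrypted independently with the same key.
    return b"".join(feistel(b, ks) for b in split_blocks(pt))

def cbc_encrypt(pt: bytes, ks: list, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split_blocks(pt):
        prev = feistel(xor(b, prev), ks)      # XOR with previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, ks: list, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split_blocks(ct):
        out.append(xor(feistel(c, ks[::-1]), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(data: bytes, ks: list, counter0: int) -> bytes:
    # Encrypt the counter, XOR with the data; the same call decrypts.
    out = []
    for i, b in enumerate(split_blocks(data)):
        counter = ((counter0 + i) % 2**64).to_bytes(BLOCK, "big")
        out.append(xor(b, feistel(counter, ks)))
    return b"".join(out)

# Constructed sample input: blocks 1 and 3 of the message are identical.
KS = round_keys(b"constructed demo key")
IV = bytes(range(1, 9))
PT = b"PAY 100$" + b"TO ALICE" + b"PAY 100$"

if __name__ == "__main__":
    for name, ct in [("ECB", ecb_encrypt(PT, KS)),
                     ("CBC", cbc_encrypt(PT, KS, IV)),
                     ("CTR", ctr_crypt(PT, KS, 1000))]:
        b = split_blocks(ct)
        print(name, "block 1 == block 3:", b[0] == b[2])
```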
Cryptanalytic Attacks.
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Adaptive chosen plaintext attack
Ciphertext only attack
• The cryptanalyst has the cipher text of several messages, all of which have been encrypted using the same encryption algorithm.
• The analyst may be able to capture one or more plaintext messages as well as their encryptions.
• Better yet to assume the key used to encrypt the messages, in order to decrypt other messages encrypted with the same key.
Known Plaintext attack
• The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages.
• The job is to deduce the key used to encrypt the messages,
• or an algorithm to decrypt any new messages encrypted with the same key.
• It is also referred to as a probable word attack.
Chosen Plaintext attack
• This is more powerful than a known plaintext attack because the cryptanalyst can choose specific plaintext blocks to encrypt.
• The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext that gets encrypted.
Adaptive Chosen Plaintext attack
• Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the result of the previous encryption.
• A cryptanalyst might just be able to choose one large block of the plaintext to be encrypted – in chosen plaintext attack.
Double DES
The simplest form of multiple encryption has two encryption stages and two keys. Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as
C = E(K2, E(K1, P))
Decryption requires that the keys be applied in reverse order:
P = D(K1, D(K2, C))
Triple DES
The simplest form of multiple encryption has three encryption stages and three keys. Given a plaintext P and three encryption keys K1, K2 and K3, ciphertext C is generated as
C = E(K3, D(K2, E(K1, P)))
Decryption Process is shown below
P = D(K3, E(K2, D(K1, P)))
International Data Encryption Algorithm
• IDEA is a block cipher.
• Works on 64-bit plaintext blocks.
• The key is longer and consists of 128 bits.
• IDEA uses diffusion and confusion for encryption.
• Plaintext = 64 bits
• Total 4 blocks of plaintext, each containing 16 bits: Plaintext = (p1, p2, p3, p4)
• Eight rounds in the algorithm. 6 subkeys are generated in each such round from the original key.
[Block diagram: the input plaintext (64 bits) is split into P1, P2, P3, P4 (16 bits each). Round 1 uses subkeys K1 ... K6, Round 2 uses K7 ... K12, ..., Round 8 uses K43 ... K48, and the output transformation uses K49 ... K52, producing C1, C2, C3, C4 (16 bits each), the 64-bit ciphertext.]
Details of Single Round in IDEA
Step 1: Multiply P1 and K1 (P1 * K1)
Step 2: Add P2 and K2 (P2 + K2)
Step 3: Add P3 and K3 (P3 + K3)
Step 4: Multiply P4 and K4 (P4 * K4)
Step 5: XOR the result of step 1 and step 3
Step 6: XOR the result of step 2 and step 4
Step 7: Multiply the result of step 5 with K5.
Step 8: Add the result of step 6 and step 7.
Step 9: Multiply the result of step 8 with K6.
Step 10: Add the result of step 7 and step 9.
Step 11: XOR the result of step 1 and step 9.
Step 12: XOR the result of step 3 and step 9.
Step 13: XOR the result of step 2 and step 10.
Step 14: XOR the result of step 4 and step 10.
Structure of Single Round in IDEA
[Figure: inputs P1 P2 P3 P4, outputs C1 C2 C3 C4; legend: XOR, multiplication, add]
Strength of IDEA
• IDEA uses a 128-bit key, which is double the key size of DES.
• Thus, to break into IDEA, 2^128 (i.e. 10^38) encryption operations would be required.
• As before, even if we assume that to obtain the correct key, only half of the possible keys need to be examined and tried out, a single computer performing one IDEA encryption per microsecond would require more than 5400000000000000000000000 years to break IDEA!
RC
• RC4 was designed by Ron Rivest of RSA Security in 1987.
• RC4 is known as “Rivest Cipher 4”.
• RC5 is the modified version of RC4.
  o Word size in bits (encrypts 2-word blocks at a time): 16, 32, 64
  o No. of rounds: 0-255
  o No. of 8-bit bytes in the key: 0-255
RC5
• RC5 uses only primitive computer operations such as addition, subtraction, XOR, shift, etc.
• RC5 requires less memory for execution and is therefore suitable not only for desktop computers but also for smart cards and other devices that have a small memory capacity.

Parameter | Allowed Values
--- | ---
Word size in bits (RC5 encrypts 2 words at a time) | 16, 32, 64
Number of rounds | 0-255
Number of 8-bit bytes in the key | 0-255
BLOWFISH
Blowfish was designed with the following objectives:
FAST: Blowfish encryption rate on 32-bit microprocessors is 26 clock cycles per byte.
COMPACT: Blowfish can execute in less than 5 KB of memory.
SIMPLE: Blowfish uses only primitive operations, such as addition, XOR, and table lookup, making its design and implementation simple.
SECURE: Blowfish has a variable key length up to a maximum of 448 bits long, making it both flexible and secure.
Function F in Blowfish
Advanced Encryption Standard
AES Evaluation
• Security:
  I. Actual security compared to other submitted standard.
  II. Randomness: The extent to which the algorithm output is indistinguishable from a random permutation on the input block.
  III. Soundness of the mathematical basis for the algorithm’s security.
• Cost:
  I. Licensing requirements: When the AES is issued, the algorithm specified in the AES shall be available on a worldwide, non-exclusive, royalty-free basis.
  II. Computational efficiency: The evaluation of computational efficiency will be applicable to both hardware and software implementations.
  III. Memory requirements: The memory requirements for implementing the algorithm in hardware and software will be considered.
• Algorithm and implementation characteristics: This category includes a variety of considerations, including flexibility; suitability for a variety of hardware and software implementations; and simplicity, which will make an analysis of security more straightforward.

• General security
• Software implementations
• Restricted-space environments
• Hardware implementations
• Attacks on implementations
• Encryption versus decryption
• Key agility
• Other versatility and flexibility
• Potential for instruction-level parallelism
AES Encryption Process
State
AES Round Contains
I. Byte Substitution
II. Row Shift
III. Column Mixing
IV. Round Key Addition
AES Data Structure
AES Encryption and Decryption
AES Byte-Level Operations
AES Row and Column Operations
Shift Row Transformation
Shift Column Transformation
Random Number
A number of network security algorithms and protocols based on cryptography make use of random binary numbers:
• Key distribution and reciprocal authentication schemes
• Session key generation
• Generation of keys for the RSA public-key encryption algorithm
• Generation of a bit stream for symmetric stream encryption
There are two distinct requirements for a sequence of random numbers:
• Randomness
• Unpredictability
Randomness
The generation of a sequence of allegedly random numbers being random in some well-defined statistical sense has been a concern.
Two criteria are used to validate that a sequence of numbers is random:
• Uniform distribution: The frequency of occurrence of ones and zeros should be approximately equal.
• Independence: No one subsequence in the sequence can be inferred from the others.
Unpredictability
The requirement is not just that the sequence of numbers be statistically random, but that the successive members of the sequence are unpredictable.
With “true” random sequences each number is statistically independent of other numbers in the sequence and therefore unpredictable.
True random numbers have their limitations, such as inefficiency, so it is more common to implement algorithms that generate sequences of numbers that appear to be random.
Care must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements.
Pseudorandom numbers
Cryptographic applications typically make use of algorithmic techniques for random number generation.
These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random.
If the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.
True Random Number Generator (TRNG)
A TRNG takes as input a source that is effectively random; the source is often referred to as an entropy source. In essence, the entropy source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock. The source, or combination of sources, serves as input to an algorithm that produces random binary output. The TRNG may simply involve conversion of an analog source to a binary output. The TRNG may involve additional processing to overcome any bias in the source;
Pseudorandom Number Generator (PRNG)
A PRNG takes as input a fixed value, called the seed, and produces a sequence of output bits using a deterministic algorithm. Typically, as shown, there is some feedback path by which some of the results of the algorithm are fed back as input as additional output bits are produced. The important thing to note is that the output bit stream is determined solely by the input value or values, so that an adversary who knows the algorithm and the seed can reproduce the entire bit stream.
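The two requirements above, randomness and unpredictability, shown side by side in an added example that is not part of the original slides. It applies the frequency (monobit) test for uniform distribution to a seeded PRNG (Python's non-cryptographic `random.Random`, chosen here as the stand-in generator), then shows that anyone who knows the seed regenerates the same keystream; the seed value and message are constructed.

```python
import math
import random

def monobit_p_value(bits) -> float:
    """Frequency test: are ones and zeros about equally frequent?
    Returns a p-value; a very small value (below 0.01) means the sequence
    is too unbalanced to look random."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)          # +1 per one, -1 per zero
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))

def prng_bits(seed: int, n: int) -> list:
    """Deterministic bit stream: the same seed always yields the same bits."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def stream_xor(data: bytes, seed: int) -> bytes:
    """Stream cipher with a PRNG keystream; the same call encrypts and decrypts."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)

if __name__ == "__main__":
    seed = 20240101                                 # constructed seed value
    bits = prng_bits(seed, 10_000)
    print("PRNG monobit p-value:", round(monobit_p_value(bits), 3))
    print("all-ones p-value:    ", monobit_p_value([1] * 10_000))
    print("alternating p-value: ", monobit_p_value([0, 1] * 5_000))

    # Statistical quality says nothing about predictability: whoever
    # learns the seed regenerates the keystream and reads the message.
    ciphertext = stream_xor(b"constructed message", seed)
    print(stream_xor(ciphertext, seed))
```

The alternating sequence scores a perfect p-value on this test while being trivially predictable, which is why the independence and unpredictability requirements are stated separately from uniform distribution.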
End of the Unit-2