Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter-2 Conventional Encryption Techniques BY:-H.M.Patel.

Similar presentations


Presentation on theme: "Chapter-2 Conventional Encryption Techniques BY:-H.M.Patel."— Presentation transcript:

1 Chapter-2 Conventional Encryption Techniques BY:-H.M.Patel

2 Block Cipher Principles. Block cipher:- Block cipher technique involves encryption of one block of text at a time. Decryption also takes one block of encrypted text at a time. A block cipher processes the input one block at a time producing an output block for each input block. Block cipher uses both confusion and diffusion

3 Stream cipher One Plaintext at a time can used for both encryption and decryption. Stream cipher processes the input elements continuously producing an output one element at a time as it goes along Stream cipher relies only on confusion

4

5 Fiestel Cipher Fiestel cipher is a product cipher and uses two basic ciphers in sequence in such a way that their result is cryptographically stronger. This method uses a cipher that alternates substitution and permutation

6 (a)Diffusion(transposition techniques also called as permutation techniques): - In diffusion, the statistical nature of plain text is dissipated into long range statistics of cipher text. This is done by making each bit of the plain text affect many bits of cipher text. The purpose of diffusion is to make the statistical relationship between the plain text and the cipher text as complex as possible to prevent the attacker from deducing the key.

7 (b)Confusion(substitution techniques): It is a technique of ensuring that cipher text gives no clue about the original plaintext. In confusion, the relationship between statistics of the cipher text and the encryption key is made as complex as possible using a complex substitution algorithm. This is done so that even if the attacker has understood the statistics of the cipher text he will not be able to discover the key due to complex relationship between the key and the cipher text.

8 Algorithm Classical Feistel Cipher The inputs to the encryption algorithm are: a plain text block of size 2w bits and a key having many sub keys K = {K1, K2,…, Kn} The plain text block is divided into two halves each of length w bits denoted by R0 for w rightmost bits and L0 for w leftmost bits. These two halves pass through n rounds of processing and are then combined to produce the cipher text block

9 Each round i has inputs Li-1 and Ri-1 derived from previous round and a key Ki derived from K Li is subjected to substitution by first applying a round function on Ri-1 and ex-oring the result with Li-1. The round function has same structure for each round but is parameterized by the round key Ki.

10 Consider the encryption process: LE16 = RE15 RE16 = LE15 * F (RE15, K16) On the decryption side LD1 = RD0 = LE16 = RE15 RD1 = LD0 * F(RD0, K16) = RE16 *F(RE15, K16) = [(LE15 * F(RE15, K16))] * F(RE15,K16) Following fig. shows the Fiestel cipher algorithm

11

12 Design principles: 1. Block size: Increasing the block size increases complexity and thus improves security. But it slows the cipher. Typically block size is 64 bits 2. Key size: Increasing the key size improves security but slows the cipher. Typically key size is 128 bits. 3. Round function: Complex functions improve security but slow the cipher. 4. Number of rounds: Increasing the number of rounds improves complexity but slows down the cipher. Typically 16 rounds are used

13 Explain Simplified DES History of DES: The Data Encryption Standard (DES) is asymmetric-key block cipher published by the National Institute of Standards and Technology (NIST). In 1973, NIST published for proposals for a national symmetric-key cryptosystem. A proposal from IBM, a modification of a project called Lucifer, was accepted as DES. DES was published in the Federal Register in March 1975 as a draft of the Federal Information Processing Standard (FIPS)

14 Explain How to DES works?

15 DES uses a 56-bit key. The initial key consists of 64 bits. Before the DES process even starts, every 8 bit of the key is discarded to produce a 56-bit key. That is, bit positions 8,16,24,32,40,48,56 and 64 are discarded

16

17

18

19

20 Triple DES Triple DES is the common name for the Triple Data Encryption Algorithm(TDEA) block cipher. Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. It is so difficult because it applies the Data Encryption Standard (DES) cipher algorithm three times to each data block

21 Triple DES uses 2 or 3 keys Brute force search impossible on Triple DES. Triple DES runs three times slower than standard DES, but is much more secure if used properly. In figure shows the 3DES method with three key.

22

23

24 Triple DES uses a "key bundle" which comprises three DES keys, K1, K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is: cipher text = EK3(DK2(EK1(plaintext))) Decryption is the reverse: Plaintext = DK1(EK2(DK3(ciphertext))) i.e. decrypt with K3, encrypt with K2, then decrypt with K1. Each triple encryption encrypts one block of 64 bits of data. In each case the middle operation is the reverse of the first and last

25 Tripal DES with three Key Plain Text Encryption Cipher Text Decrypti on K1 K2 Plain Text K3 Encryption Final Cipher Text

26 International Data Encryption Algorithm (IDEA) In cryptography, the International Data Encryption Algorithm (IDEA) is a block cipher described in1991. As a block cipher, it is also symmetric. The algorithm was replacement for the Data Encryption Standard IDEA is a minor change of an earlier cipher, PES (Proposed Encryption Standard); IDEA was originally called IPES (Improved PES)

27 IDEA operates on 64-bit blocks using a 128-bit key IDEA derives much of its security by interleaving operations from different groups like modular addition and multiplication, and bitwise exclusive OR (XOR).

28 C.T (64 bits)

29

30 Conti…..

31 Rc5. Block size variable 16, 32, and 64 bits, Key size (in number of bytes) Fast, Simple, High security (with suitable parameters). Number of rounds is also variable.. RC5 is simple to implement.. Memory requirements are slow.. RC5 provides high security.. Rotation is not depends upon the data.

32 In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code". The Advanced Encryption Standard (AES) candidate RC6 was based on RC5

33 Rc2. In cryptography, RC2 is a block cipher designed by Ron Rivest in "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5 and RC6. Block Cipher: 64 bit block Number of rounds: 18 (16 MIXING + 2 MASHING) Key Size: Variable. [8–128 bits, in steps of 8 bits; default 64 bits

34 Characteristics of advanced symmetrical block cipher. Variable key length, – Mixed operators – Data dependent rotation – Key-dependent rotation – Key-dependent S-boxes – Lengthy key scheduling algorithms – Variable F – Variable plaintext/ciphertext block length – Variable number of rounds – Operation on both halves of data

35 Key distribution. For symmetric encryption to work over a network, the two parties (Sender and Receiver) must exchange and share the same keys, while protecting access to the keys from others. Key distribution refers to the means of delivering a key to two parties who wish to exchange data, without allowing others to see the key.

36 For two parties A and B key distribution can be achieved in a number of ways, as follows: 1. A key could be selected by A and physically delivered to B. 2. A third party could select the key and physically deliver it to A and B. 3. If A and B have previously used a key, one party could transmit the new key to the other, encrypted using the old key. Options 1 and 2 call for manual delivery of a key.

37

38 Communication between end systems is encrypted using a temporary key, often referred to as a session key. Typically, the session key is used for the duration of a logical connection, such as a frame relay connection or transport connection, and then discarded Each session key is obtained from the key distribution center over the same networking facilities used for end-user communication

39 For each end system or user, there is a unique master key that it shares with the key distribution center

40 Key Distribution Scenario

41 Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmitted over the connection. A has a master key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC

42 The KDC responds with a message encrypted using Ka Thus, A is the only one who can successfu Thus, A can verify that its original request was not altered before reception by the KDC and, because of the nonce, that this is not a replay of some previous request. In addition, the message includes two items intended for B These last two items are encrypted with Kb They are to be sent to B to establish the connection and prove A's identity.

43 Automatic Key Distribution for Connection Oriented Protocol

44 The steps involved in establishing a connection are shown in the figure. When one host wishes to set up a connection to another host, it transmits a connection-request packet The SSM saves that packet and applies to the KDC for permission to establish the connection The communication between the SSM and the KDC is encrypted using a master key shared only by this SSM and the KDC. If the KDC approves the connection request, it generates the session key and delivers it to the two appropriate SSMs, using a unique permanent key for each SSM The requesting SSM can now release the connection request packet, and a connection is set up between the two end systems All user data exchanged between the two end systems are encrypted by their respective SSMs using the one-time session key.


Download ppt "Chapter-2 Conventional Encryption Techniques BY:-H.M.Patel."

Similar presentations


Ads by Google