Published by Ada Matilda Lyons. Modified over 8 years ago.
1
Information Security Prepared By: Prof. Ajaykumar T. Shah
Aforajayshahnirma.wordpress.com
2
Stream Cipher
A stream cipher is one that encrypts a digital data stream one bit or one byte at a time.
Example: the one-time pad, in which the keystream k_i is as long as the plaintext bit stream p_i.
If the cryptographic keystream is random, then this cipher is unbreakable by any means other than acquiring the keystream.
However, the keystream must be provided to both users in advance via some independent and secure channel.
3
Block Cipher
A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
Typically, a block size of 8 or 64 bytes is used.
As with a stream cipher, the two users share a symmetric encryption key.
Example: Plaintext: 227 bytes. Block size: 16 bytes. 227/16 = 14 blocks and 3 bytes. Total blocks: 15, in which the last block contains 3 bytes and padding bytes.
5
Difference
Stream Cipher | Block Cipher
Operates on smaller units of plaintext | Operates on larger blocks of data
Faster than a block cipher | Slower than a stream cipher
Processes the input elements continuously, producing output one element at a time | Processes the input one block of elements at a time, producing an output block for each input block
Requires less code | Requires more code
Key is used only one time | Reuse of key is possible
Ex: One-time pad | Ex: DES (Data Encryption Standard)
Application: SSL (secure connection on the web) | Application: Database, file encryption
More suitable for hardware implementation | Easier to implement in software
6
Generate n-bit-n-bit block Substitution
7
Generate n-bit-n-bit block Substitution
8
Feistel Cipher Structure
Substitution: Each plaintext element or group of elements is uniquely replaced by a corresponding ciphertext element or group of elements.
Permutation: A sequence of plaintext elements is replaced by a permutation of that sequence. That is, no elements are added, deleted or replaced in the sequence; rather, the order in which the elements appear in the sequence is changed.
9
Feistel Cipher Structure cont…
Parameters and Design Features
Block Size: If a larger block is used, security is greater but speed is reduced; normally 64 bits is used in the block cipher method.
Key Size: If a larger key is used, security is greater but speed is reduced; the default key length is 128 bits.
Number of Rounds: Security is increased by increasing the number of rounds, but the typical size is 16 rounds.
Subkey generation
Round Function
11
12
Diffusion and Confusion
Diffusion: To make the statistical relationship between the plaintext and ciphertext as complex as possible in order to thwart attempts to discover the key. Can be achieved by a permutation followed by a function.
Confusion: To make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible to thwart attempts to discover the key. Can be achieved by a substitution.
13
Data Encryption Standard (DES)
DES Encryption
Initial Permutation
Details of Single Round
Key Generation
The Avalanche Effect
15
Initial Permutation
The permutation: X = IP(M)
The inverse permutation: Y = IP^-1(X) = IP^-1(IP(M))
The original ordering is restored.
16
Single Round F function
R_{i-1} is expanded to 48 bits using E.
The result is XORed with the 48-bit round key.
The 48-bit result is substituted by a 32-bit value.
The 32-bit value is permuted by P.
17
E-Step
First divide the 32-bit block into eight 4-bit words.
Attach an additional bit on the left of each 4-bit word that is the last bit of the previous 4-bit word.
Attach an additional bit to the right of each 4-bit word that is the beginning bit of the next 4-bit word.
18
E-Step Cont…
Expansion E: 32 bits to 48 bits; 16 bits are reused.
Permutation P
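The neighbour-bit rule from the E-Step slides, as an added example that is not part of the original slides: it builds the 48-bit expansion from the eight 4-bit words and checks it against the standard DES E bit-selection table. The function names and the sample value are assumptions made for this illustration.

```python
# Standard DES E bit-selection table (position 1 is the leftmost bit of R).
E_TABLE = [
    32, 1, 2, 3, 4, 5,
    4, 5, 6, 7, 8, 9,
    8, 9, 10, 11, 12, 13,
    12, 13, 14, 15, 16, 17,
    16, 17, 18, 19, 20, 21,
    20, 21, 22, 23, 24, 25,
    24, 25, 26, 27, 28, 29,
    28, 29, 30, 31, 32, 1,
]

def expand_by_rule(r32: int) -> int:
    """Expand a 32-bit half block to 48 bits using the 4-bit-word rule."""
    words = [(r32 >> (28 - 4 * i)) & 0xF for i in range(8)]
    out = 0
    for i, word in enumerate(words):
        left = words[i - 1] & 1           # last bit of previous word (word 0 wraps to word 7)
        right = words[(i + 1) % 8] >> 3   # first bit of next word (word 7 wraps to word 0)
        out = (out << 6) | (left << 5) | (word << 1) | right
    return out

def expand_by_table(r32: int) -> int:
    """Expand the same half block by reading bits in E_TABLE order."""
    out = 0
    for pos in E_TABLE:
        out = (out << 1) | ((r32 >> (32 - pos)) & 1)
    return out

def reused_bit_count() -> int:
    """Number of input bits that appear twice in the 48-bit output."""
    return len(E_TABLE) - len(set(E_TABLE))

if __name__ == "__main__":
    sample = 0xF0AAF0AA  # constructed sample value for R
    print(f"rule : {expand_by_rule(sample):012x}")
    print(f"table: {expand_by_table(sample):012x}")
    print("reused bits:", reused_bit_count())
```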
19
E-Step with S Boxes Cont…
Substitution: 48 bits to 32 bits using 8 S-boxes. Each S-box gets 6 bits and outputs 4 bits.
20
Single Round of DES Algorithm
21
S-Boxes
22
S-Boxes
23
Working of S-Boxes
Outer bits 1 & 6 (row bits) select one row.
Inner bits 2-5 (column bits) are substituted.
Example: Input : The row is 01 (row 1). The column is 1100 (column 12). Output is 1001.
24
Key Generation
A 64-bit key is used as input.
Every 8th bit is ignored. Thus, the key is 56 bits.
PC1 permutes the 56 bits into two 28-bit halves.
25
DES Decryption
Decryption uses the same algorithm as encryption (Feistel cipher).
The round key schedule is reversed.
26
The Avalanche Effect
A small change of plaintext or key produces a significant change in the ciphertext. DES exhibits a strong avalanche effect.
27
The Avalanche Effect cont…
Example
28
The Avalanche Effect cont…
Example
29
The Strength of DES
The Use of 56-bit keys
The Nature of the DES Algorithm
Timing Attacks
30
The Use of 56-bit Keys
If the key length is 56 bits, we have 2^56 = 7.2 x 10^16 keys.
A single machine performing one DES encryption per microsecond takes more than 1000 years to break the cipher (a brute-force attack becomes impractical).
Diffie and Hellman: the same can be possible if we implement it using a parallel machine with 1 million devices; it takes 10 hours, but the cost of developing it is too high ($20 million).
In 1998, the Electronic Frontier Foundation (EFF) announced a 'DES cracker' which can attack DES in 3 days. It was built for less than $250,000.
EFF has published a detailed description of the machine, enabling others to build their own crackers (making DES virtually worthless).
31
Strength…
Plaintext:
Only English - easily automated
Has been compressed before encryption - difficult to automate
Data with numeric values - more difficult to automate
To supplement a brute-force attack, some degree of knowledge about the plaintext is required.
EFF addressed alternatives to DES: AES (key size is 128 ~ 256 bit) and triple DES (112 ~ 168 bit).
32
Nature of DES
Cryptanalysis may be possible by finding the characteristics of the DES algorithm.
Learning the S-box logic is complex.
A weakness of the S-boxes has not been discovered.
33
Block Cipher Design Principles
Criteria for S-Boxes:
No output bit of any S-box should be too close to a linear function of the input bits. Specifically, if we select any output bit and any subset of the six input bits, the fraction of inputs for which this output bit equals the XOR of these input bits should not be close to 0 or 1, but rather should be near 1/2.
Each row of an S-box should include all 16 possible output bit combinations.
If two inputs to an S-box differ in exactly one bit, the outputs must differ in at least two bits.
34
Block Cipher Design Principles
If two inputs to an S-box differ in the two middle bits exactly, the outputs must differ in at least two bits.
If two inputs to an S-box differ in their first two bits and are identical in their last two bits, the two outputs must not be the same.
For any nonzero 6-bit difference between inputs, no more than eight of the 32 pairs of inputs exhibiting that difference may result in the same output difference.
This is a criterion similar to the previous one, but for the case of three S-boxes.
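The S-box lookup and several of the design criteria listed above, as an added example that is not part of the original slides. S1 is the standard DES S-box 1; the LINEAR table is a constructed weak S-box (it simply outputs the four middle input bits) included for contrast, and all function names are assumptions.

```python
S1 = [  # standard DES S-box S1
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
LINEAR = [list(range(16)) for _ in range(4)]  # constructed weak table

def sbox(x, table=S1):
    """6-bit input: bits 1 and 6 select the row, bits 2-5 select the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]

def weight(v):
    return bin(v).count("1")

def rows_are_permutations(table):
    return all(sorted(row) == list(range(16)) for row in table)

def one_bit_criterion(table):
    # Inputs differing in exactly one bit: outputs differ in at least two bits.
    return all(weight(sbox(x, table) ^ sbox(x ^ (1 << i), table)) >= 2
               for x in range(64) for i in range(6))

def middle_bits_criterion(table):
    # Inputs differing in exactly the two middle bits: outputs differ in >= 2 bits.
    return all(weight(sbox(x, table) ^ sbox(x ^ 0b001100, table)) >= 2
               for x in range(64))

def first_two_bits_criterion(table):
    # Inputs differing in the first two bits, equal in the last two: outputs differ.
    diffs = (0b110000, 0b110100, 0b111000, 0b111100)
    return all(sbox(x, table) != sbox(x ^ d, table)
               for x in range(64) for d in diffs)

def linearity_range(table):
    """Min and max fraction of inputs where an output bit equals the XOR of a
    subset of input bits; values near 0 or 1 indicate a linear weakness."""
    fracs = []
    for out_bit in range(4):
        for mask in range(1, 64):
            hits = sum(((sbox(x, table) >> out_bit) & 1) == weight(x & mask) % 2
                       for x in range(64))
            fracs.append(hits / 64)
    return min(fracs), max(fracs)

if __name__ == "__main__":
    # Row 01, column 1100 (12), as in the "Working of S-Boxes" example.
    print(f"S1(011001) = {sbox(0b011001):04b}")
    for name, table in (("S1", S1), ("LINEAR", LINEAR)):
        print(name, rows_are_permutations(table), one_bit_criterion(table),
              middle_bits_criterion(table), first_two_bits_criterion(table),
              linearity_range(table))
```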
35
Cipher Block Modes of Operations
Electronic Code Book (ECB)
Cipher Block Chaining Mode (CBC)
Cipher Feedback Mode (CFB)
Counter Mode
36
Electronic Code Book (ECB)
Plaintext is handled one block at a time and each block of plaintext is encrypted using the same key. The term codebook is used because, for a given key, there is a unique cipher text for every bit block of plaintext. Therefore, we can imagine a gigantic codebook in which there is an entry for every possible -bit plaintext pattern showing its corresponding cipher text.
38
Electronic Code Book (ECB)
The ECB method is ideal for a short amount of data, such as an encryption key. Thus, if you want to transmit a DES or AES key securely, ECB is the appropriate mode to use. The most significant characteristic of ECB is that if the same bit block of plaintext appears more than once in the message, it always produces the same cipher text. For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities.
39
Cipher Block Chaining Mode (CBC)
A simple way to satisfy this requirement is the cipher block chaining (CBC) mode. In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding cipher text block; the same key is used for each block. For decryption, each cipher block is passed through the decryption algorithm. The result is XORed with the preceding cipher text block to produce the plaintext block. To see that this works, we can write
40
Initialization Vector
41
Cipher Feedback Block (CFB)
The input to the encryption function is a -bit shift register that is initially set to some initialization vector (IV). The leftmost (most significant) bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of cipher text C1, which is then transmitted. In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. This process continues until all plaintext units have been encrypted.
42
Cipher Feedback Block (CFB)
43
Cipher Feedback Block (CFB)
44
Counter Mode
The counter is encrypted and then XORed with the plaintext block to produce the cipher text block; there is no chaining. For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a cipher text block to recover the corresponding plaintext block. Thus, the initial counter value must be made available for decryption.
45
Counter Mode
46
Counter Mode
47
Cryptanalytic Attacks
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Adaptive chosen-plaintext attack
48
Ciphertext only attack
The cryptanalyst has the ciphertext of several messages, all of which have been encrypted using the same encryption algorithm. The analyst may be able to capture one or more plaintext messages as well as their encryptions. Better yet is to deduce the key used to encrypt the messages, in order to decrypt other messages encrypted with the same key.
49
Known Plaintext attack
The cryptanalyst has access not only to the ciphertext of several messages, but also to the plaintext of those messages. The job is to deduce the key used to encrypt the messages, or an algorithm to decrypt any new messages encrypted with the same key. It is also referred to as a probable word attack.
50
Chosen Plaintext attack
This is more powerful than a known plaintext attack because the cryptanalyst can choose specific plaintext blocks to encrypt. The cryptanalyst not only has access to the ciphertext and associated plaintext for several messages, but he also chooses the plaintext that gets encrypted.
51
Adaptive Chosen Plaintext attack
Not only can the cryptanalyst choose the plaintext that is encrypted, but he can also modify his choice based on the result of the previous encryption. In a chosen plaintext attack, a cryptanalyst might just be able to choose one large block of plaintext to be encrypted.
52
Double DES
The simplest form of multiple encryption has two encryption stages and two keys. Given a plaintext P and two encryption keys K1 and K2, ciphertext C is generated as
C = E(K2, E(K1, P))
Decryption requires that the keys be applied in reverse order:
P = D(K1, D(K2, C))
53
Triple DES
The simplest form of multiple encryption has three encryption stages and three keys. Given a plaintext P and three encryption keys K1, K2 and K3, ciphertext C is generated as
C = E(K3, D(K2, E(K1, P)))
The decryption process is shown below:
P = D(K1, E(K2, D(K3, C)))
54
International Data Encryption Algorithm
IDEA is a block cipher.
It works on 64-bit plaintext blocks.
The key is longer and consists of 128 bits.
IDEA uses diffusion and confusion for encryption.
Plaintext = 64 bits, in total 4 blocks of plaintext each containing 16 bits: Plaintext = (p1, p2, p3, p4).
There are eight rounds in the algorithm.
6 subkeys are generated in each such round from the original key.
55
BLOCK DIAGRAM
Input Plaintext (64 bits): P1 (16 bits), P2 (16 bits), P3 (16 bits), P4 (16 bits)
Round 1: K1 ... K6
Round 2: K7 ... K12
...
Round 8: K43 ... K48
Output Transformation: K49 ... K52
C1 (16 bits), C2 (16 bits), C3 (16 bits), C4 (16 bits): Input Ciphertext (64 bits)
56
Details of Single Round in IDEA
Step 1: Multiply P1 and K1 (P1 * K1)
Step 2: Add P2 and K2 (P2 + K2)
Step 3: Add P3 and K3 (P3 + K3)
Step 4: Multiply P4 and K4 (P4 * K4)
Step 5: XOR the result of step 1 and step 3.
Step 6: XOR the result of step 2 and step 4.
Step 7: Multiply the result of step 5 with K5.
Step 8: Add the result of step 6 and step 7.
Step 9: Multiply the result of step 8 with K6.
Step 10: Add the result of step 7 and step 9.
Step 11: XOR the result of step 1 and step 9.
Step 12: XOR the result of step 3 and step 9.
Step 13: XOR the result of step 2 and step 10.
Step 14: XOR the result of step 4 and step 10.
57
Structure of Single Round in IDEA
[Figure: structure of a single IDEA round, with inputs P1 to P4, XOR, multiplication and add operations, and outputs C1 to C4]
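The fourteen steps of a single IDEA round, followed through all eight rounds and the output transformation, as an added example that is not part of the original slides. The slides name only "multiply" and "add"; the moduli (2^16 + 1 and 2^16), the 25-bit rotation in the key schedule and the order of the output transformation are the standard IDEA definitions, and the function names, sample key and sample block are assumptions chosen for the illustration.

```python
MASK = 0xFFFF

def mul(a, b):
    # Multiplication modulo 2^16 + 1, where the 16-bit word 0 stands for 2^16.
    a, b = a or 0x10000, b or 0x10000
    return ((a * b) % 0x10001) & MASK

def add(a, b):
    # Addition modulo 2^16.
    return (a + b) & MASK

def idea_round(p, k):
    """One round on four 16-bit words p with six 16-bit subkeys k."""
    p1, p2, p3, p4 = p
    s1 = mul(p1, k[0])       # Step 1
    s2 = add(p2, k[1])       # Step 2
    s3 = add(p3, k[2])       # Step 3
    s4 = mul(p4, k[3])       # Step 4
    s5 = s1 ^ s3             # Step 5
    s6 = s2 ^ s4             # Step 6
    s7 = mul(s5, k[4])       # Step 7
    s8 = add(s6, s7)         # Step 8
    s9 = mul(s8, k[5])       # Step 9
    s10 = add(s7, s9)        # Step 10
    return (s1 ^ s9, s3 ^ s9, s2 ^ s10, s4 ^ s10)   # Steps 11-14

def subkeys(key):
    """Derive K1..K52 from a 128-bit key given as an integer."""
    ks = []
    while len(ks) < 52:
        ks += [(key >> (112 - 16 * i)) & MASK for i in range(8)]
        key = ((key << 25) | (key >> 103)) & ((1 << 128) - 1)  # rotate left 25 bits
    return ks[:52]

def encrypt(block, key):
    """Encrypt one 64-bit block given as four 16-bit words."""
    ks = subkeys(key)
    x = tuple(block)
    for r in range(8):                       # rounds 1-8 use K1..K48
        x = idea_round(x, ks[6 * r:6 * r + 6])
    k = ks[48:]                              # K49..K52: output transformation
    return (mul(x[0], k[0]), add(x[2], k[1]), add(x[1], k[2]), mul(x[3], k[3]))

SAMPLE_KEY = 0x00010002000300040005000600070008   # sample key
SAMPLE_BLOCK = (0x0000, 0x0001, 0x0002, 0x0003)   # sample plaintext (P1..P4)

if __name__ == "__main__":
    first = idea_round(SAMPLE_BLOCK, subkeys(SAMPLE_KEY)[:6])
    print("after round 1:", " ".join(f"{w:04x}" for w in first))
    print("ciphertext   :", " ".join(f"{w:04x}" for w in encrypt(SAMPLE_BLOCK, SAMPLE_KEY)))
```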
58
Strength of IDEA
IDEA uses a 128-bit key, which is double the key size of DES. Thus, to break into IDEA, 2^128 (i.e. 10^38) encryption operations would be required. As before, even if we assume that to obtain the correct key, only half of the possible keys need to be examined and tried out, a single computer performing one IDEA encryption per microsecond would require more than years to break IDEA!
59
RC
RC4 was designed by Ron Rivest of RSA Security in 1987.
RC4 is known as "Rivest Cipher 4".
RC5 is the modified version of RC4.
Word size in bits (encrypts 2-word blocks at a time): 16, 32, 64
No. of rounds: 0-255
No. of 8-bit bytes in the key: 0-255
60
RC5
RC5 uses only primitive computer operations such as addition, subtraction, XOR, shift, etc.
RC5 requires less memory for execution and is therefore suitable not only for desktop computers but also for smart cards and other devices that have a small memory capacity.
Parameter | Allowed Values
Word size in bits (RC5 encrypts 2 words at a time) | 16, 32, 64
Number of rounds | 0-255
Number of 8-bit bytes in the key | 0-255
61
Encryption using RC5
62
Key Generation in RC5
63
BLOWFISH
Blowfish was designed with the following objectives:
FAST: Blowfish encryption rate on 32-bit microprocessors is 26 clock cycles per byte.
COMPACT: Blowfish can execute in less than 5 KB of memory.
SIMPLE: Blowfish uses only primitive operations, such as addition, XOR, and table lookup, making its design and implementation simple.
SECURE: Blowfish has a variable key length up to a maximum of 448 bits, making it both flexible and secure.
64
BLOWFISH Encryption
65
Function F in Blowfish
66
Advanced Encryption Standard
AES Evaluation
Security:
Actual security: compared to other submitted algorithms.
Randomness: The extent to which the algorithm output is indistinguishable from a random permutation on the input block.
Soundness: of the mathematical basis for the algorithm's security.
67
Advanced Encryption Standard
Cost:
Licensing requirements: When the AES is issued, the algorithm specified in the AES shall be available on a worldwide, non-exclusive, royalty-free basis.
Computational efficiency: The evaluation of computational efficiency will be applicable to both hardware and software implementations.
Memory requirements: The memory required for implementing the algorithm in hardware and software will be considered.
68
Advanced Encryption Standard
Algorithm and implementation characteristics: This category includes a variety of considerations, including flexibility; suitability for a variety of hardware and software implementations; and simplicity, which will make an analysis of security more straightforward.
69
Advanced Encryption Standard
General security
Software implementations
Restricted-space environments
Hardware implementations
Attacks on implementations
Encryption versus decryption
Key agility
Other versatility and flexibility
Potential for instruction-level parallelism
70
AES Encryption Process
State
71
AES Round Contains
Byte Substitution
Row Shift
Column Mixing
Round Key Addition
72
AES Data Structure
73
AES Data Structure
74
AES Encryption And Decryption
76
AES Byte Level Operations
77
AES Row and Column Operations
Shift Row Transformation
78
Shift Column Transformation
79
A number of network security algorithms and protocols based on cryptography make use of random binary numbers:
Key distribution and reciprocal authentication schemes
Session key generation
Generation of keys for the RSA public-key encryption algorithm
Generation of a bit stream for symmetric stream encryption
There are two distinct requirements for a sequence of random numbers:
Randomness
Unpredictability
80
Randomness
The generation of a sequence of allegedly random numbers being random in some well-defined statistical sense has been a concern.
Two criteria are used to validate that a sequence of numbers is random:
Uniform distribution: The frequency of occurrence of ones and zeros should be approximately equal.
Independence: No one subsequence in the sequence can be inferred from the others.
81
Unpredictability
The requirement is not just that the sequence of numbers be statistically random, but that the successive members of the sequence are unpredictable.
With "true" random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable.
True random numbers have their limitations, such as inefficiency, so it is more common to implement algorithms that generate sequences of numbers that appear to be random.
Care must be taken that an opponent not be able to predict future elements of the sequence on the basis of earlier elements.
82
Pseudorandom numbers
Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce sequences of numbers that are not statistically random. If the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as pseudorandom numbers.
83
True Random Number Generator (TRNG)
A TRNG takes as input a source that is effectively random; the source is often referred to as an entropy source. In essence, the entropy source is drawn from the physical environment of the computer and could include things such as keystroke timing patterns, disk electrical activity, mouse movements, and instantaneous values of the system clock. The source, or combination of sources, serve as input to an algorithm that produces random binary output. The TRNG may simply involve conversion of an analog source to a binary output. The TRNG may involve additional processing to overcome any bias in the source;
84
True Random Number Generator (TRNG)
85
Pseudorandom Number Generator (PRNG)
A PRNG takes as input a fixed value, called the seed, and produces a sequence of output bits using a deterministic algorithm. Typically, as shown, there is some feedback path by which some of the results of the algorithm are fed back as input as additional output bits are produced. The important thing to note is that the output bit stream is determined solely by the input value or values, so that an adversary who knows the algorithm and the seed can reproduce the entire bit stream.
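The difference between the randomness and unpredictability requirements, as an added example that is not part of the original slides: a toy feedback generator whose output passes simple uniformity and independence checks, yet is reproduced exactly by anyone who holds the algorithm and the seed. The generator (SHA-256 with a feedback state), the seed value and all names are assumptions made for the illustration; it is not a vetted design.

```python
import hashlib

class FeedbackPRNG:
    """Toy deterministic generator: the seed fixes the whole output stream."""

    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed" + seed).digest()
        self.buf = b""

    def next_bytes(self, n: int) -> bytes:
        while len(self.buf) < n:
            self.buf += hashlib.sha256(b"out" + self.state).digest()
            self.state = hashlib.sha256(b"fb" + self.state).digest()  # feedback path
        out, self.buf = self.buf[:n], self.buf[n:]
        return out

def bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(8)]

def ones_fraction(data):
    """Uniform distribution check: share of one bits, ideally near 0.5."""
    b = bits(data)
    return sum(b) / len(b)

def flip_fraction(data):
    """Crude independence check: share of adjacent bit pairs that differ."""
    b = bits(data)
    return sum(x != y for x, y in zip(b, b[1:])) / (len(b) - 1)

def predict_next(seed, observed, n):
    """Regenerate the stream from the seed, confirm it matches what was
    observed, and return the next n bytes the generator will emit."""
    clone = FeedbackPRNG(seed)
    if clone.next_bytes(len(observed)) != observed:
        return None
    return clone.next_bytes(n)

SEED = b"1700000000"   # constructed low-entropy seed, e.g. a timestamp

if __name__ == "__main__":
    victim = FeedbackPRNG(SEED)
    nonce = victim.next_bytes(16)         # value sent in the clear
    session_key = victim.next_bytes(16)   # value meant to stay secret
    sample = FeedbackPRNG(SEED).next_bytes(8192)
    print("ones fraction:", round(ones_fraction(sample), 3))
    print("flip fraction:", round(flip_fraction(sample), 3))
    print("key predicted:", predict_next(SEED, nonce, 16) == session_key)
    # For real keys, draw from the operating system's generator instead,
    # for example secrets.token_bytes(16).
```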
86
End of the Unit-2