
CRYPTOGRAPHY

SYLLABUS

Unit 1: Introduction - the concept of security - the need for security - security approaches - principles of security - types of attacks. Cryptography techniques: introduction - plaintext and cipher text - substitution techniques - transposition techniques - encryption and decryption - symmetric and asymmetric key cryptography - steganography - key range and key size - possible types of attacks.

Unit 2: Computer-based symmetric key cryptography algorithms: introduction - algorithm types and modes - an overview of symmetric key cryptography - Data Encryption Standard (DES) - International Data Encryption Algorithm (IDEA) - RC5 - Blowfish - Advanced Encryption Standard (AES) - differential and linear cryptanalysis. Computer-based asymmetric cryptography algorithms: introduction - brief history of asymmetric cryptography - an overview of asymmetric key cryptography - the RSA algorithm - symmetric and asymmetric key cryptography together - digital signatures - knapsack algorithm - some other algorithms.

Text book: Cryptography and Network Security, Atul Kahate, TMH 2006

Reference: Cryptography and Network Security, Behrouz A. Forouzan, McGraw-Hill, 2008

UNIT I: INTRODUCTION

Cryptography is the science of a diverse field of problems related to encryption and decryption techniques, privacy of communication, authentication, digital signatures and much more. However, its main task is the constant quest to make the exchange of information totally secure. As such, its task has not changed for centuries. From the hieroglyphic system of secret writing, through Julius Caesar's "Caesar cipher" and the German Enigma, to the latest public-key systems, scientists and practitioners around the world, known as cryptographers, have been on this quest of hiding information from unauthorized eyes.

Definition: Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography is not the only means of providing information security, but rather one set of techniques.

NEED FOR SECURITY:

When computer applications were developed to handle financial and personal data, the real need for security was felt like never before. People realized that data on computers was an extremely important aspect of modern life. Two typical examples of such security mechanisms were as follows:

Provide a user id and password to every user, and use that information to authenticate a user.
Encode information stored in the database in some fashion so that it is not visible to users who do not have the right permissions.

Organizations employed their own mechanisms in order to provide these kinds of basic security mechanisms.

Modern nature of attacks: The difference in computer-based systems is mainly due to the speed at which things happen and the accuracy that we get, as compared to the traditional world. We can highlight a few salient features of the modern nature of attacks as follows:

Automatic attacks: The speed of computers makes several attacks worthwhile. For example, in the real world, suppose that someone manages to create a machine that can produce counterfeit coins. However, producing so many coins on a mass scale may not be that economical compared to the return on that investment. Computers are quite efficient and happy in doing routine, mundane and repetitive tasks. For example, they would excel in somehow stealing a very low amount from a million bank accounts in a matter of a few minutes. Humans dislike mundane and repetitive tasks. Automating them can cause destruction quite rapidly.

Privacy concerns: Collecting information about people and later using it is turning out to be a big problem these days. The so-called data mining applications gather, process and tabulate all sorts of details about individuals. People can then illegally sell this information. For example, companies like Experian, TransUnion and Equifax maintain the credit history of individuals in the USA. These companies have volumes of information about a majority of citizens of that country. These companies can collect, polish and format all sorts of information for whoever is ready to pay for the data. Every company is collecting and processing mind-boggling amounts of information about us.

Distance does not matter: Money is in digital form inside computers and moves around by using computer networks. Therefore a modern thief would perhaps not like to wear a mask and attempt a robbery. Instead, it is far easier and cheaper to attempt an attack on the computer system of the bank while sitting at home.

SECURITY APPROACHES:

Trusted system: A trusted system is a computer system that can be trusted to a specified extent to enforce a specified security policy. Naturally, following are the expectations from the reference monitor.

a. It should be tamperproof
b. It should always be invoked
c. It should be small enough so that it can be independently. The deal with lattice based information follows in computer system.

Security models: An organization can take several approaches to implement its security model. Let us summarize these approaches.

No security: In this simplest case, the approach could be a decision to implement no security at all.

Security through obscurity: In this model, a system is secure simply because nobody knows about its existence and contents. This approach cannot work, for an attacker can come to know about it.

Host security: In this scheme, the security for each host is enforced individually. This is a very safe approach.

Network security: In this technique, the focus is to control network access to various hosts and their services rather than individual host security. This is a very efficient and scalable model.

Security management practices: Good security management practices always talk of a security policy being in place. A good security policy generally takes care of key aspects as follows:

Affordability: cost and effort in security implementation.
Functionality: mechanisms of providing security.
Legality: whether the policy meets the legal requirements.
Cultural issues: whether the policy gels well with people's expectations, working style and beliefs.

Once a security policy is in place, the following points should be ensured:

A. Explanation of the policy to all concerned.
B. Outline of everybody's responsibilities.
C. Use of simple language in all communications.
D. Establishment of accountability.
E. Provisions for exceptions and periodic reviews.

That is all about security approaches.

PRINCIPLES OF SECURITY:-

Let us assume that a person A wants to send a check worth $100 to another person B. Normally, what are the factors that A and B will think of in such a case? A will write the check for $100, put it in an envelope and send it to B.

Confidentiality: A will like to ensure that no one except B gets the envelope, and even if someone else gets it, she does not come to know about the details of the check. This is the principle of confidentiality.

Integrity: A and B will further like to make sure that no one can tamper with the contents of the check, such as its amount, date, signature, name of the payee, etc.

Authentication: B would like to be assured that the check has come from A and not from someone posing as A, as it could be a fake check in that case.

Non-repudiation: What will happen tomorrow if B deposits the check in her account, the money is transferred from A's account to B's account, and then A refutes having written the check? Non-repudiation does not allow A to refute this claim, and so settles the dispute.

These are the four principles of security. There are two more, access control and availability, which are not related to a particular message, but are linked to the overall system as a whole.

Access control: The principle of access control determines who should be able to access what. For instance, we should be able to specify that user A can view the records in a subset of an access control matrix. Access control is broadly related to two areas. They are:

Rule management
Role management

Rule management focuses on the resources side (which resource is accessible and under what circumstances). Role management concentrates on the user side (which user can do what).

Availability: The principle of availability states that resources should be available to authorized parties at all times. This also defines seven layers of security in the form of:

Authentication
Access control
Non-repudiation
Data integrity
Confidentiality
Assurance or availability
Notarization or signature

TYPES OF ATTACKS:

We shall classify attacks with respect to two views: the common person's view and a technologist's view.

Attacks, a general view: From a common person's point of view, we can classify attacks into three categories. Let us discuss these attacks.

Criminal attacks: Criminal attacks are the simplest to understand. Here the sole aim of the attackers is to maximize financial gain by attacking computer systems.

Publicity attacks: Publicity attacks occur because the attackers want to see their names appear on television news channels and in newspapers. One of the most famous such attacks occurred on the US Department of Justice's web site in 1996. The New York Times home page was also famously defaced two years later.

Legal attacks: The aim of the attacker is to exploit the weakness of the judge and the jury in technology matters. For example, an attacker may sue a bank for performing an online transaction which she never wanted to perform.

Security attacks:

Passive attack
Active attack

Passive attack: Passive attacks attempt to learn or make use of information from the system. Two types of passive attacks are:

Release of message
Traffic analysis

Release of message: A telephone conversation, an electronic mail message and a transfer may contain sensitive or confidential information.

Traffic analysis: The common technique for masking contents is encryption. The opponent could determine the location and the identity of communicating hosts and could observe the frequency and length of the messages being exchanged.

Active attack: An active attack involves some modification of the data stream. These are divided into three categories:

Interruption
Modification
Fabrication

Interruption: Trying to pose as another entity involves masquerade attacks.

Modification: Modification attacks can be classified further into replay attacks and alteration of messages.

Fabrication: Fabrication causes denial of service attacks.

CRYPTOGRAPHY TECHNIQUES: Introduction:

Cryptography comes from the Greek words for secret writing. The messages to be encrypted are known as plaintext. The output of the encryption process is known as ciphertext.

Cryptography: A cryptographic system is characterized along three independent dimensions:

The type of operations used for transforming plaintext to ciphertext.
The number of keys used.
The way in which the plaintext is processed.

If the sender and receiver use different keys, the system is referred to as asymmetric, two-key or public-key encryption.

Stream cipher: A stream cipher processes the input elements continuously, producing output one element at a time as it goes along.

Cryptanalysis: Cryptanalytic attacks rely on the nature of the algorithm, plus perhaps some knowledge of the general characteristics of the plaintext. There are five types of attacks:

Cipher text only
Known plaintext
Chosen plaintext
Chosen cipher text
Chosen text

Cipher text only: The cipher text only attack is the easiest to defend against because the opponent has the least amount of information to work with.

Known plaintext: The known plaintext attack is what might be referred to as a probable-word attack. If the opponent is working with the encryption of some general message, he may have little knowledge of what is in the message.

Chosen plaintext: If the analyst is able to get the source system to insert into the system a message chosen by the analyst, then a chosen plaintext attack is possible.

ENCRYPTION TECHNIQUES:

There are two types of encryption techniques:

Substitution techniques
Transposition techniques

A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols.

Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

SUBSTITUTION TECHNIQUES:

There are seven types of categories.

Caesar cipher
Modified version of Caesar cipher
Mono-alphabetic cipher
Homophonic substitution cipher
Polygram substitution cipher
Polyalphabetic substitution cipher
Playfair cipher

Caesar cipher: One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.

Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Attack = DWWDFN
Meet me = PHHWPH

The encryption algorithm is: C = E(K, P) = (P + K) mod 26
The decryption algorithm is: P = D(K, C) = (C - K) mod 26

Mono-alphabetic cipher: The general system of symbol-for-symbol substitution is called a mono-alphabetic substitution cipher, with the key being the 26-letter string corresponding to the alphabet. In English, the most common letters and letter combinations are e, t, o, a, n, i, th, in, er, re, an, the, ing and ion. The most common three letters combination is T (x) e x h T h (y) y a Q Z W n z

Polygram substitution cipher:-

The Polygram substitution cipher is a technique in which, rather than replacing one plaintext alphabet with one ciphertext alphabet at a time, a block of alphabets is replaced with another block. (e.g.) hello = yuqqw

Polyalphabetic substitution cipher: This cipher uses multiple one-character keys. Features:

It uses a set of related mono-alphabetic substitution rules.
It uses a key that determines which rule is used for which transformation.

Playfair cipher:

Creation and population of the matrix
Encryption process

P L A Y F
I R E X M
B C D G H
K N O Q S
T U V W Z

There are five types of encryption process. If both alphabets are the same, add an x after the first alphabet.

TRANSPOSITION TECHNIQUES:

These are techniques for replacing one alphabet with another. Four techniques are available. They are:

Rail fence technique
Simple columnar transposition
Vernam cipher
Book cipher / running key cipher

Rail fence technique:-

The rail fence technique is an example of transposition. It uses a simple algorithm. Treat every letter in the plaintext message as a number, so that A = 0, B = 1, ..., Z = 25. It has very little sophistication built in.

Simple columnar transposition: Simple columnar transposition techniques with multiple rounds are used to improve the basic simple columnar transposition technique. (e.g.) Consider a rectangle with six columns and write the message in the rectangle row by row:

C1  C2  C3  C4  C5  C6
C   O   M   E   H   O
M   E   F   O   M   O
R   R   O   W   -   --

Vernam cipher: The Vernam cipher is also called the one-time pad. This is implemented using a random set of non-repeating characters as the input cipher text.

SYMMETRIC-KEY CRYPTOGRAPHY

Introduction: An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys - a public key to encrypt messages and a private key to decrypt them. Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted.

Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular symmetric-key system is the Data Encryption Standard (DES).

Symmetric-Key Cryptography: In symmetric-key cryptography, we encode our plain text by mangling it with a secret key. Decryption requires knowledge of the same key, and reverses the mangling.

ciphertext = encrypt( plaintext, key )
plaintext = decrypt( ciphertext, key )

Symmetric key cryptography is useful if you want to encrypt files on your computer, and you intend to decrypt them yourself. It is less useful if you intend to send them to someone else to be decrypted, because in that case you have a "key distribution problem": securely communicating the encryption key to your correspondent may not be much easier than securely communicating the original text.

It is good practice to assume the encryption algorithms that we have chosen to use are publicly known; only the key is secret to the participants. Slogan: "obscurity is no security".

Caesar cipher: The key is a number between 1 and 25. Define code('a') = 0, code('b') = 1, ..., code('z') = 25.

encryption(c, key) = code^-1( (code(c) + key) mod 26 )

Pros: simple.
Cons: trivial to break. How many keys are there? How can you break this cipher?

Compression-then-substitution: Compress the text first (in an attempt to avoid the frequency-of-letters attack), and then do a substitution of byte values, such as:

original byte:  0 ... 255
cipher byte:    123 53 221 102 ... 34

ASYMMETRIC-KEY CRYPTOGRAPHY

We have now defined two functions that are hard to perform: computing the inverse of a one-way function and distinguishing the output of a pseudo-random function from a random function. We then gave high-level definitions of more useful operations: cryptographic hash functions and encryption, which can be based on one-way functions and pseudo-random functions, respectively. But shared keys are inherently limiting; these keys must be shared between each pair of principals and complicate the process of adding new principals to the system. Similarly, shared key operations are not easily applicable to cases where one principal performs an operation that affects many principals. An asymmetric key setup would solve both of these problems: each principal has its own key information that it does not need to share in secret with other principals.

For an example of how problems arise in symmetric-key settings, consider how we might perform some of our shared-key operations in a context with, say, three principals, A, B, and C. Principal A wants to send a message to B and C in such a way that both know that it came from A. If A and B share key kAB and A and C share key kAC, then it's not obvious how to send a bit string that guarantees this property (though such schemes exist); the naive solution of computing a pair (MAC(m, kAB), MAC(m, kAC)) and sending it as an authenticator doesn't work if B and C don't trust each other or don't trust A, since one element of the pair might pass the check for one principal and the other not pass the check for the other principal. If A, B, and C all share a single key, then B or C could create a MAC that appears to come from A.
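The two failure cases described above, as an added example that is not part of the original notes. HMAC-SHA256 stands in for MAC, and the keys and message are constructed values chosen for illustration.

```python
import hashlib
import hmac

# Constructed keys for the three principals A, B and C.
K_AB = b"constructed key shared by A and B"
K_AC = b"constructed key shared by A and C"
K_GROUP = b"constructed key shared by A, B and C"


def mac(message, key):
    """MAC(m, k), instantiated here with HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message, tag, key):
    return hmac.compare_digest(mac(message, key), tag)


def honest_pair(message):
    """The naive authenticator (MAC(m, kAB), MAC(m, kAC))."""
    return mac(message, K_AB), mac(message, K_AC)


def inconsistent_pair(message):
    """A pair whose first element is valid and whose second is not.
    B holds only kAB, so B has no way to notice the difference."""
    return mac(message, K_AB), bytes(32)


def receivers_view(message, pair):
    """What B and C each conclude, using the only key each of them holds."""
    tag_for_b, tag_for_c = pair
    b_accepts = verify(message, tag_for_b, K_AB)
    c_accepts = verify(message, tag_for_c, K_AC)
    return b_accepts, c_accepts


def group_tag(claimed_sender, message):
    """With one key shared by everyone, the tag does not depend on who
    computed it: `claimed_sender` never enters the MAC computation."""
    return mac(message, K_GROUP)


if __name__ == "__main__":
    m = b"pay 100 to C"
    print("honest pair:       ", receivers_view(m, honest_pair(m)))
    print("inconsistent pair: ", receivers_view(m, inconsistent_pair(m)))
    # B computes a tag and presents it as A's; C cannot tell them apart.
    print("C accepts B's tag as A's:",
          verify(m, group_tag("B", m), K_GROUP))
```

In the pairwise case B accepts while C rejects, and neither can prove to the other what A sent; in the group-key case every key holder can produce a tag that verifies, so the tag no longer identifies A.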

So, shared keys between more than two principals lose some properties. First, they lose their binding to identities. Second, authentication for different principals cannot be guaranteed. Third, they complicate open systems, in which new principals can appear at any time, since new principals must be given a key shared with each other principal. To get around this problem, recall the example of the stock broker. The client published a pair M1 and M2 of numbers. It happened that the stock broker was the principal that used these numbers and checked them, but any principal could have performed the stock broker's actions, since M1 and M2 were published by the client. We say that key information published like M1 and M2 is a public key and m1 and m2 are the corresponding private key.

STEGANOGRAPHY

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing", from the Greek words steganos meaning "covered or protected", and graphein meaning "to write". The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages, no matter how unbreakable, will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size.


As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

Steganographic techniques

Physical steganography

Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include:

Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written.

Hidden messages on a messenger's body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks, such as delayed transmission while waiting for the slave's hair to grow, and the restrictions on the number and size of messages that can be encoded on one person's scalp.

During World War II, the French Resistance sent some messages written on the backs of couriers using invisible ink.

Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages.

Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier.

Messages written on envelopes in the area covered by postage stamps.

During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, approximately less than the size of the period produced by a typewriter. World War II microdots needed to be embedded in the paper and covered with an adhesive, such as collodion. This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards.

During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America. She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, while the concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became known as the Doll Woman.

Cold War counter-propaganda. In 1968, crew members of the USS Pueblo intelligence ship, held as prisoners by North Korea, communicated in sign language during staged photo opportunities, informing the United States they were not defectors, but rather were being held captive by the North Koreans. In other photos presented to the U.S., crew members gave "the finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them smiling and comfortable.

Digital steganography

Image of a tree. Removing all but the two least significant bits of each color component produces an almost completely black image. Making that image 85 times brighter produces the image below.
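The two-bit technique described in the caption above, as an added example that is not part of the original notes. The cover and hidden images are small constructed pixel grids (rows of (R, G, B) tuples with 8-bit components) so that the code runs without an image library; the factor 85 comes from 255 / 3, which stretches the two-bit values 0..3 over the full 0..255 range.

```python
def make_cover(width, height):
    """Constructed cover image: an arbitrary but deterministic colour pattern."""
    return [[((x * 37 + y * 91) % 256,
              (x * 53 + y * 17) % 256,
              (x * 11 + y * 29 + 100) % 256)
             for x in range(width)] for y in range(height)]


def make_hidden(width, height):
    """Constructed hidden image: a white diagonal cross on a grey gradient."""
    rows = []
    for y in range(height):
        row = []
        for x in range(width):
            v = 255 if x == y or x + y == width - 1 else (x * 16) % 256
            row.append((v, v, v))
        rows.append(row)
    return rows


def embed(cover, hidden):
    """Replace the two least significant bits of every cover component
    with the two most significant bits of the hidden component."""
    return [[tuple((c & 0b11111100) | (h >> 6) for c, h in zip(cpx, hpx))
             for cpx, hpx in zip(cover_row, hidden_row)]
            for cover_row, hidden_row in zip(cover, hidden)]


def low_bits(image):
    """Remove all but the two least significant bits (values 0..3,
    which display as an almost completely black image)."""
    return [[tuple(v & 0b11 for v in px) for px in row] for row in image]


def brighten(image, factor=85):
    """Make the image `factor` times brighter, clamped to 8 bits."""
    return [[tuple(min(255, v * factor) for v in px) for px in row]
            for row in image]


def extract(stego):
    """The analyst's view: keep two bits, then brighten 85 times."""
    return brighten(low_bits(stego))


def max_component_change(a, b):
    """Largest difference between corresponding colour components."""
    return max(abs(u - v)
               for row_a, row_b in zip(a, b)
               for px_a, px_b in zip(row_a, row_b)
               for u, v in zip(px_a, px_b))


if __name__ == "__main__":
    cover = make_cover(8, 8)
    stego = embed(cover, make_hidden(8, 8))
    print("largest change to the cover:", max_component_change(cover, stego))
    for row in extract(stego):
        print(" ".join(f"{px[0]:3d}" for px in row))
```

The cover changes by at most 3 out of 255 per component, which is why the carrier looks untouched, while the extracted picture is the hidden image reduced to four brightness levels.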


Image of a cat extracted from above image.

Modern steganography entered the world in 1985 with the advent of the personal computer being applied to classical steganography problems. Development following that was slow, but has since taken off, going by the number of "stego" programs available: over 800 digital steganography applications have been identified by the Steganography Analysis and Research Center. Digital steganography techniques include:

Concealing messages within the lowest bits of noisy images or sound files.

Concealing data within encrypted data or within random data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data or a block of random data (an unbreakable cipher like the one-time pad generates ciphertexts that look perfectly random if you don't have the private key).

Chaffing and winnowing.

Mimic functions convert one file to have the statistical profile of another. This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack.

Concealed messages in tampered executable files, exploiting redundancy in the targeted instruction set.

Pictures embedded in video material (optionally played at slower or faster speed).

Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data.

Changing the order of elements in a set.

Content-Aware Steganography hides information in the semantics a human user assigns to a datagram. These systems offer security against a non-human adversary/warden.

Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as comments of orphaned web-logs (or pin boards on social network platforms). In this case the selection of blogs is the symmetric key that sender and recipient are using; the carrier of the hidden message is the whole blogosphere.

Modifying the echo of a sound file (Echo Steganography).

Secure Steganography for Audio Signals.

Image bit-plane complexity segmentation steganography (i.e., BPCS-Steganography).

Network steganography

All information hiding techniques that may be used to exchange steganograms in telecommunication networks can be classified under the general term of network steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski in 2003. Contrary to the typical steganographic methods which utilize digital media (images, audio and video files) as a cover for hidden data, network steganography utilizes communication protocols' control elements and their basic intrinsic functionality. As a result, such methods are harder to detect and eliminate. Typical network steganography methods involve modification of the properties of a single network protocol. Such modification can be applied to the PDU (Protocol Data Unit), to the time relations between the exchanged PDUs, or both (hybrid methods). Moreover, it is feasible to utilize the relation between two or more different network protocols to enable secret communication. These applications fall under the term interprotocol steganography.


Network steganography covers a broad spectrum of techniques, which include, among others:

Steganophony - the concealment of messages in Voice-over-IP conversations, e.g. the employment of delayed or corrupted packets that would normally be ignored by the receiver (this method is called LACK - Lost Audio Packets Steganography), or, alternatively, hiding information in unused header fields.

WLAN Steganography - the utilization of methods that may be exercised to transmit steganograms in Wireless Local Area Networks. A practical example of WLAN Steganography is the HICCUPS system (Hidden Communication System for Corrupted Networks).

Printed steganography

Digital steganography output may be in the form of printed documents. A message, the plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an innocuous covertext is modified in some way so as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message. Only a recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a technique. The ciphertext produced by most digital steganography methods, however, is not printable. Traditional digital methods rely on perturbing noise in the channel file to hide the message; as such, the channel file must be transmitted to the recipient with no additional noise from the transmission. Printing introduces much noise in the ciphertext, generally rendering the message unrecoverable. There are techniques that address this limitation; one notable example is ASCII Art Steganography.

Text steganography

Steganography can be applied to different types of media including text, audio, image and video etc. However, text steganography is considered to be the most difficult kind of steganography due to lack of redundancy in text as compared to image or audio, but it still has smaller memory occupation and simpler communication. The method that could be used for text steganography is data compression. Data compression encodes information in one representation into another representation. The new representation of data is smaller in size. One of the possible schemes to achieve data compression is Huffman coding. Huffman coding assigns smaller length codewords to more frequently occurring source symbols and longer length codewords to less frequently occurring source symbols.

KEY RANGE AND KEY SIZE:

The cryptanalyst is armed with the following information:

The encryption/decryption algorithm
The encrypted message
Knowledge about the key size

The encryption/decryption algorithm is usually not a secret; the key remains the challenge for an attacker. If the key is found, the attacker can resolve the rest by working backward to the plain text message. It usually takes a very small amount of time to try a key. The attacker can write computer programs that try many keys in one second. In the best case, the attacker finds the right key in the first attempt itself; in the worst case, it is the 100 billionth attempt. Mathematics tells us that on average the key can be found after half of the possible values in the key range have been checked. This is a guideline and may or may not work in a real situation.

POSSIBLE TYPES OF ATTACKS:

There are five possibilities of attacks:

1. cipher text only attack
2. known plain text attack
3. chosen plain text attack
4. chosen cipher text attack
5. chosen text attack

Cipher text only attack: The attacker does not have any clue about the plain text. The attacker analyzes the cipher text to try to work out the original plain text.

Known plain text attack: The attacker knows about some pairs of plain text and corresponding cipher text. Using this information, the attacker tries to find other pairs.

Chosen plain text attack: The attacker selects a plain text block and tries to look for the encryption of the same text in the cipher text. Here the attacker is able to choose the message to encrypt.

Chosen cipher text attack: The attacker knows the cipher text to be decrypted, the encryption algorithm that was used to produce the cipher text, and the corresponding plain text block.

Chosen text attack: It is the combination of the chosen plain text attack and the chosen cipher text attack.

Brute force attacks: It involves trying every possible key until an intelligible translation of the ciphertext into plaintext is obtained. For each key size, assume it takes one microsecond to perform a single encryption.
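The key range reasoning and the one-microsecond assumption above, worked through as an added example that is not part of the original notes. The XOR "cipher" is a constructed stand-in that exists only so that an exhaustive search has something to test keys against; the key sizes listed in the main block are illustrative choices.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600


def key_range(key_bits):
    """Number of possible keys for a key of `key_bits` bits."""
    return 2 ** key_bits


def average_trials(key_bits):
    """On average, half of the key range has to be checked."""
    return key_range(key_bits) / 2


def average_search_years(key_bits, seconds_per_trial=1e-6):
    """Average exhaustive-search time at one microsecond per encryption."""
    return average_trials(key_bits) * seconds_per_trial / SECONDS_PER_YEAR


def toy_encrypt(block, key):
    """Constructed toy cipher (plain XOR). Not secure; it only gives the
    search loop below an encryption to repeat."""
    return block ^ key


def brute_force(known_plain, known_cipher, key_bits):
    """Known-plaintext search: try keys 0, 1, 2, ... until one maps the
    known plaintext to the known ciphertext. Returns (key, trials)."""
    for trials, key in enumerate(range(key_range(key_bits)), start=1):
        if toy_encrypt(known_plain, key) == known_cipher:
            return key, trials
    raise ValueError("no key in range matches")


def measured_average_trials(key_bits, known_plain=0x5A):
    """Run the search once for every possible secret key and average
    the number of attempts that were needed."""
    total = 0
    for secret in range(key_range(key_bits)):
        _, trials = brute_force(known_plain,
                                toy_encrypt(known_plain, secret), key_bits)
        total += trials
    return total / key_range(key_bits)


if __name__ == "__main__":
    print("8-bit key, measured average attempts:", measured_average_trials(8))
    for bits in (32, 56, 128):
        print(f"{bits:3d}-bit key: {key_range(bits):.3e} keys, "
              f"about {average_search_years(bits):.3e} years on average")
```

For the 8-bit key the measured average is 128.5 attempts against a range of 256, matching the half-the-range guideline; each extra key bit doubles the figure, which is why key size rather than secrecy of the algorithm decides whether the search is practical.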

TYPE OF ATTACK: KNOWN TO CRYPTANALYST

Cipher text only: Encryption algorithm; cipher text.

Known plaintext: Encryption algorithm; cipher text; one or more plaintext-cipher text pairs formed with the secret key.

Chosen plaintext: Encryption algorithm; cipher text; plaintext message chosen by the cryptanalyst, together with its corresponding cipher text.

Chosen cipher text: Encryption algorithm; cipher text; purported cipher text chosen by the cryptanalyst, together with its corresponding plaintext generated with the secret key.

Chosen text: Encryption algorithm; cipher text; purported cipher text chosen by the cryptanalyst, together with its corresponding plaintext generated with the secret key.

CRYPTOGRAPHY
UNIT II: ALGORITHM TYPES AND MODES
Let us discuss two key aspects of such algorithms:
1. Algorithm types and
2. Algorithm modes
An algorithm type defines what size of plain text should be encrypted in each step of the algorithm. The algorithm mode defines the details of the cryptographic algorithm, once the type is decided.

Algorithm types: Regardless of the techniques used at a broad level, the generation of cipher text from plain text can be done in two ways. They are:
1. Stream ciphers and
2. Block ciphers

Stream ciphers: In stream ciphers, the plain text is encrypted one byte at a time. Suppose the original message is "pay 100" in ASCII. When we convert these ASCII characters to their binary values, let us assume, for simplicity, that it translates to 01011100. In simple terms, XOR produces an output of 1 only if one input is 0 and the other is 1.

Input 1   Input 2   Output
0         0         0
0         1         1
1         0         1
1         1         0

Stream cipher technique involves the encryption of one plain text byte at a time. The decryption also occurs one byte at a time. For example, we have two binary numbers, A=101 and B=110. We now want to perform an XOR operation on A and B to produce a third number C, i.e.
C = A XOR B
C = 101 XOR 110 = 011
Now if we perform C XOR A, we will get B:
B = 011 XOR 101 = 110
Similarly, if we perform C XOR B, we will get A:
A = 011 XOR 110 = 101
XOR is reversible: when used twice, it produces the original values.

Block ciphers: In block ciphers, rather than encrypting one byte at a time, a block of bytes is encrypted in one go. Block cipher technique involves encryption of one block of text at a time. Decryption also takes one block of encrypted text at a time. Practically, the blocks used in block ciphers generally contain 64 bits or more.

This can be very time consuming and usually unnecessary in real life. That is why block ciphers are used more often in computer based cryptographic algorithms as compared to stream ciphers.

Group structures: When discussing an algorithm, many times a question arises as to whether it is a group. The elements of the group are the cipher text blocks with each possible key. Grouping thus means how many times the plain text is scrambled in various ways to generate the cipher text.

Concepts of confusion and diffusion: Confusion is a technique of ensuring that a cipher text gives no clue about the original plain text. It is achieved by means of the substitution techniques discussed earlier. Diffusion increases the redundancy of the plain text by spreading it across rows and columns. Stream cipher relies only on confusion. Block cipher uses both confusion and diffusion.

An algorithm mode is a combination of a series of the basic algorithm steps on a block cipher and some kind of feedback from the previous step. There are four important algorithm modes, namely:
1. Electronic code book [ECB]
2. Cipher block chaining [CBC]
3. Cipher feedback [CFB] and
4. Output feedback [OFB]

Electronic code book [ECB] mode: Electronic code book is the simplest mode of operation. Here, the incoming plain text message is divided into blocks of 64 bits each. Each block is then encrypted independently of the other blocks. For all the blocks in the message, the same key is used for encryption. Since a single key is used for encrypting all the blocks of a message, a plain text block that repeats produces a cipher text block that repeats. Therefore ECB is suitable only for encrypting small messages, where the scope for repeating the same plain text block is quite small.

Cipher block chaining [CBC] mode: In the case of ECB, within a given message a plain text block always produces the same cipher text block. Thus, if a block of plain text occurs more than once in the input, the corresponding cipher text block will also occur more than once in the output, thus providing some clues to a cryptanalyst. In cipher block chaining, the results of the encryption of the previous block are fed back into the encryption of the current block. Each block of the cipher text is dependent on the corresponding current input plain text block as well as all the previous plain text blocks.
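The difference between the two modes can be seen by encrypting a message made of one repeated 64 bit block. The following is an added example, not code from the original notes: the block cipher is a toy 16-round cipher that splits each block into a left and a right half (its round function built from SHA-256 is an assumption and is not DES), and the key, IV and message are constructed samples.

```python
import hashlib

BLOCK = 8      # 64-bit blocks, as in the text
ROUNDS = 16    # same round count as DES; the round function below is NOT DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy round function (assumption): 32 bits of SHA-256 over key, round, half.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _feistel(block: bytes, key: bytes, order) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in order:
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left   # undo the last swap so decryption mirrors encryption

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, range(ROUNDS))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same algorithm, round order reversed.
    return _feistel(block, key, reversed(range(ROUNDS)))

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # Every block is encrypted independently with the same key.
    return b"".join(encrypt_block(b, key) for b in _blocks(pad(plaintext)))

def ecb_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(b, key) for b in _blocks(ciphertext)))

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = encrypt_block(_xor(b, prev), key)   # feed back previous cipher block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))

def distinct_blocks(ciphertext: bytes) -> int:
    return len(set(_blocks(ciphertext)))

# Constructed sample: the same 8-byte plain text block repeated four times.
KEY = b"demo-key"
IV = bytes.fromhex("0011223344556677")   # fixed only so the demo is repeatable
MESSAGE = b"PAY 100 " * 4

if __name__ == "__main__":
    print("ECB distinct blocks:", distinct_blocks(ecb_encrypt(MESSAGE, KEY)))
    print("CBC distinct blocks:", distinct_blocks(cbc_encrypt(MESSAGE, KEY, IV)))
```

With padding the message is five blocks long: under ECB the four identical plain text blocks collapse to one repeated cipher text block, while under CBC all five cipher text blocks differ.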

Cipher feedback mode: In this mode, the data is encrypted in units that are smaller; they could be of size 8 bits, the size of a character typed by an operator. CFB mode is slightly more complicated as compared to the first two cryptographic modes.

AN OVERVIEW OF SYMMETRIC-KEY CRYPTOGRAPHY:
Introduction: An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys: a public key to encrypt messages and a private key to decrypt them.

Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted. Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular symmetric-key system is the Data Encryption Standard (DES).

Symmetric-Key Cryptography: In symmetric-key cryptography, we encode our plain text by mangling it with a secret key. Decryption requires knowledge of the same key, and reverses the mangling.
ciphertext = encrypt( plaintext, key )
plaintext = decrypt( ciphertext, key )

Symmetric key cryptography is useful if you want to encrypt files on your computer, and you intend to decrypt them yourself. It is less useful if you intend to send them to someone else to be decrypted, because in that case you have a "key distribution problem": securely communicating the encryption key to your correspondent may not be much easier than securely communicating the original text.

It is good practice to assume the encryption algorithms that we have chosen to use are publicly known; only the key is secret to the participants. Slogan: "obscurity is no security".

DES [DATA ENCRYPTION STANDARD]
The data encryption standard is also called the data encryption algorithm. It is a cryptographic algorithm used for over three decades. No book on security is complete without DES, as it has been a landmark in cryptographic algorithms. We shall also discuss DES to achieve two objectives: firstly, to learn about DES; but secondly and more importantly, to dissect and understand a real life cryptographic algorithm. DES is generally used in ECB, CBC or the CFB mode.

Working: DES is a block cipher. It encrypts data in blocks of size 64 bits each. That is, 64 bits of plain text goes as the input to DES, which produces 64 bits of cipher text. The same algorithm and key are used for encryption and decryption, with minor differences. We have mentioned that DES uses a 56 bit key. Actually, the initial key consists of 64 bits. Before the DES process even starts, every 8th bit of the key is discarded to produce a 56 bit key.

DES is based on two fundamental attributes of cryptography:
1. Substitution (also called confusion)
2. Transposition (also called diffusion)

DES consists of 16 steps, each of which is called a round. In the first step, the 64 bit plain text block is handed over to an initial permutation [IP] function. The initial permutation is performed on the plain text. Next, the initial permutation produces two halves of the permuted block:
Left plain text [LPT]
Right plain text [RPT]
Now each of LPT and RPT goes through 16 rounds of the encryption process. At the end, LPT and RPT are rejoined and a final permutation [FPI] is performed on the combined block. The result of this process is the 64 bit cipher text.

INTERNATIONAL DATA ENCRYPTION ALGORITHM [IDEA]

Background and history: The international data encryption algorithm is perceived as one of the strongest cryptographic algorithms. Although it is quite strong, IDEA is not as popular as DES for two primary reasons. Firstly, it is patented, unlike DES, and it must be licensed before it can be used in commercial applications. Secondly, DES has a long history and track record as compared to IDEA.

WORKING:

Basic principles: Technically, IDEA is a block cipher. Like DES, it also works on 64 bit plain text blocks. The key is longer and consists of 128 bits. IDEA is reversible like DES, that is, the same algorithm is used for encryption and decryption. IDEA uses both diffusion and confusion for encryption. The 64 bit input plain text block is divided into four portions of plain text (each of size 16 bits), say p1 to p4. Thus p1 to p4 are the inputs to the first round of the algorithm. There are 8 such rounds. As mentioned, the key consists of 128 bits. In each round, 6 sub keys are generated from the original key. Each of the sub keys consists of 16 bits. These sub keys are applied to the four input blocks p1 to p4. Thus, for the first round, we have the 6 keys k1 to k6. For the second round, we will have the keys k7 to k12. Finally, for the eighth round, we will have keys k43 to k48. The final step consists of an output transformation, which uses just four sub keys (k49 to k52).

The final output produced is the output produced by the output transformation step, which is four blocks of cipher text named c1 to c4. These are combined to form the final 64 bit cipher text block.

Rounds: We have mentioned there are 8 rounds in IDEA. Each round involves a series of operations on the four data blocks using 6 keys. As we can see, these steps perform a lot of mathematical actions. There are multiplications, additions, and XOR operations.

First round: The initial key consists of 128 bits, from which sub keys k1 to k6 are generated for the first round. Since k1 to k6 consist of 16 bits each, the first 96 bits are used for the first round. At the end of the first round, bits 97-128 of the original key are unused.

Second round: In the second round, firstly the 32 unused bits of the first round are used. Thus, for the second round, we still require (96-32=64) more bits. IDEA employs the technique of key shifting. At this stage, the original key is shifted left circularly by 25 bits.
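The sub key generation described above can be carried through for all 52 sub keys. This is an added example, not code from the original notes: it takes eight 16 bit words from the 128 bit key, shifts the key left circularly by 25 bits, and repeats until k1 to k52 are available. The function names and the sample key are constructed for illustration.

```python
MASK128 = (1 << 128) - 1

def idea_subkeys(key: bytes):
    """Return the 52 16-bit encryption sub keys k1..k52 (k1 is at index 0)."""
    if len(key) != 16:
        raise ValueError("IDEA uses a 128-bit (16-byte) key")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        # Cut the current 128-bit value into eight 16-bit words, left to right.
        for i in range(8):
            subkeys.append((k >> (112 - 16 * i)) & 0xFFFF)
        # Circular left shift by 25 bits before the next eight words are taken.
        k = ((k << 25) | (k >> 103)) & MASK128
    return subkeys[:52]

def subkeys_by_round(subkeys):
    """Group the sub keys as the text does: six per round, four at the end."""
    table = {f"round {r + 1}": subkeys[6 * r:6 * r + 6] for r in range(8)}
    table["output transformation"] = subkeys[48:52]
    return table

# Constructed sample key: the 16-bit words 0001, 0002, ..., 0008.
SAMPLE_KEY = bytes.fromhex("00010002000300040005000600070008")

if __name__ == "__main__":
    for name, keys in subkeys_by_round(idea_subkeys(SAMPLE_KEY)).items():
        print(f"{name:22}", " ".join(f"{k:04x}" for k in keys))
```

For the sample key, round 1 receives the first 96 bits unchanged, and round 2 receives the two left-over words 0007 and 0008 followed by four words of the shifted key.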

Output transformation: The output transformation is a one time operation. It takes place at the end of the 8th round. We shall assume the four 16 bits sub keys k1 to k14 are available to the output transformation.

Step 1: multiply* k1 and k1
Step 2: add* k2 and k2
Step 3: add* k3 and k3
Step 4: multiply* k4 and k4

RC5:

Background: RC5 is a symmetric key block encryption algorithm developed by Ron Rivest. The main features of RC5 are that it is quite fast, as it uses only the primitive computer operations (such as addition, XOR, shift etc.). It allows for a variable number of rounds and a variable bit-size to add to the flexibility.

How RC5 works: Basic principles: In RC5, the word size, the number of rounds and the number of 8-bit bytes of the key can all be of variable length. Once decided, these values remain the same for a particular execution of the cryptographic algorithm. These are variable in the sense that before the execution of a particular instance of RC5, these values can be chosen from those allowed. The output resulting from RC5 is the cipher text, which has the same size as the input plain text. Since RC5 allows for variable values in the three parameters as specified, a particular instance of the RC5 algorithm is denoted as RC5. We are using RC5 with a block size of 64 bits, 16 rounds of encryption and 16 bytes.

Principles of operations: At first, RC5 appears to be complicated because of the notations used. However, it is actually quite simple to understand.

In the first two steps of the one time initial operation, the input plain text is divided into two 30-bit blocks A and B. The first two sub keys s[0] and s[1] are added to A and B respectively. This produces C and D respectively and marks the end of the one time operation.

BLOW FISH: Blowfish was developed by Bruce Schneier and has the reputation of being a very strong symmetric key cryptographic algorithm.
1. Fast: the Blowfish encryption rate on 32-bit microprocessors is 26 clock cycles per byte
2. Compact: Blowfish can execute in less than 5 KB of memory
3. Simple: it uses only operations such as addition, XOR and table lookup, making its design and implementation simple
4. Secure: the key length can be up to a maximum of 448 bits, making it both flexible and secure

Operation
It contains two parts:
Sub key generation: This process converts the key of up to 448 bits into sub keys totaling 4168
Data encryption: Each round contains a key-dependent permutation and a data-dependent substitution

Sub key generation
1. These keys have to be ready before encryption or decryption happens. The key size ranges from 32 bits to 448 bits. These keys are stored in arrays K1, K2, ..., Kn
2. We then have the concept of the P-array, of 18 32-bit sub keys: P1, P2, ..., P18
3. Four S-boxes:
S1,0, S1,1, ..., S1,255
S2,0, S2,1, ..., S2,255
S3,0, S3,1, ..., S3,255
S4,0, S4,1, ..., S4,255
4. The bits of the fractional part of the constant pi are used for this purpose
5. The Blowfish algorithm generates the next 32 bit blocks of the sub keys

ADVANCED ENCRYPTION STANDARD (AES)

According to its designers, the main features of AES are as follows:

1. Symmetric and parallel structure: this gives the algorithm a lot of flexibility
2. Adapted to modern processors: the algorithm works well with modern processors
3. Suited to smart cards: the algorithm can work well with smart cards

Operation
1. Do the following one-time processes:
(a) Expand the 16 byte key to get the actual key block to be used
(b) Do one time initialization of the 16 byte
(c) XOR the state with the key block

2. For each round:
(a) Apply S-box to each of the plain text
(b) Rotate row k of the text block
(c) Perform mix column operations
(d) XOR the state with the key block

AN OVERVIEW OF ASYMMETRIC-KEY CRYPTOGRAPHY
We have now defined two functions that are hard to perform: computing the inverse of a one-way function and distinguishing the output of a pseudo-random function from a random function. We then gave high-level definitions of more useful operations: cryptographic hash functions and encryption, which can be based on one-way functions and pseudo-random functions, respectively. But shared keys are inherently limiting; these keys must be shared between each pair of principals and complicate the process of adding new principals to the system. Similarly, shared key operations are not easily applicable to cases where one principal performs an operation that affects many principals. An asymmetric key setup would solve both of these problems: each principal has its own key information that it does not need to share in secret with other principals.

For an example of how problems arise in symmetric-key settings, consider how we might perform some of our shared-key operations in a context with, say, three principals, A, B, and C. Principal A wants to send a message to B and C in such a way that both know that it came from A. If A and B share key kAB and A and C share key kAC, then it's not obvious how to send a bit string that guarantees this property (though such schemes exist); the naive solution of computing a pair (MAC(m, kAB), MAC(m, kAC)) and sending it as an authenticator doesn't work if B and C don't trust each other or don't trust A, since one element of the pair might pass the check for one principal and the other not pass the check for the other principal. If A, B, and C all share a single key, then B or C could create a MAC that appears to come from A.

So, shared keys between more than two principals lose some properties. First, they lose their binding to identities. Second, authentication for different principals cannot be guaranteed. Third, they complicate open systems, in which new principals can appear at any time, since new principals must be given a key shared with each other principal.

To get around this problem, recall the example of the stock broker. The client published a pair M1 and M2 of numbers. It happened that the stock broker was the principal that used these numbers and checked them, but any principal could have performed the stock broker's actions, since M1 and M2 were published by the client. We say that key information published like M1 and M2 is a public key and m1 and m2 are the corresponding private key.

SYMMETRIC AND ASYMMETRIC KEY CRYPTOGRAPHY TOGETHER:

Comparison between symmetric and asymmetric key cryptography

Characteristic: Key used for encryption
Symmetric key cryptography: Same key used for encryption and decryption
Asymmetric key cryptography: One key used for encryption and another, different key is used for decryption

Characteristic: Speed of encryption/decryption
Symmetric key cryptography: Very fast

Characteristic: Size of resulting encrypted text
Symmetric key cryptography: Usually same as or less than the original clear text size

Characteristic: Key agreement/exchange
Symmetric key cryptography: A big problem
Asymmetric key cryptography: No problem at all

Characteristic: Number of keys as compared to the number of participants in the message
Symmetric key cryptography: Equals about the square of the number of participants, so scalability is an issue
Asymmetric key cryptography: Same as the number of participants, so scales up quite well

Symmetric key cryptography: Mainly for encryption and decryption; cannot be used for digital signatures
Asymmetric key cryptography: Can be used for encryption and decryption as well as for digital signatures and non-repudiation

The best of both worlds

The following objectives are to be met:

1. The solution should be completely secure
2. The encryption and decryption processes must not take a long time
3. The generated cipher text should be compact in size
4. The solution should scale to a large number of users easily, without introducing any addition
5. The key distribution problem must be solved by the solution

DIGITAL SIGNATURES
Introduction
The context of asymmetric key cryptography: If A is the sender of a message and B is the receiver, A encrypts the message with B's public key and sends the encrypted message to B.

Message digests
A message digest is a fingerprint or summary of the message. It is similar to the concepts of Longitudinal Redundancy Check (LRC) or Cyclic Redundancy Check (CRC). It is used to verify the integrity of the data. An example is the LRC calculation at the sender's end, where a block of bits is organized in the form of a list.

Requirements of a message digest

1. Given a message, it should be very easy to find its message digest
2. Given a message digest, it should be very difficult to find the original message

Secure hash algorithm (SHA)
The word secure can be decided based on two features:
(a) Obtain the original message
(b) Find two messages producing the same message digest

Comparison of MD5 and SHA-1:

Point of discussion: Message digest length in bits
MD5: 128
SHA-1: 160

Point of discussion: Attack to try and find the original message
MD5: Requires 2 power 128 operations to break in
SHA-1: Requires 2 power 160 operations to break in

Point of discussion: Attack to try and find two messages producing the same message digest
MD5: Requires 2 power 64 operations to break in
SHA-1: Requires 2 power 18 operations to break in

Point of discussion: Successful attacks so far
MD5: There have been reported attempts to some extent
SHA-1: No such claim so far

Point of discussion: Speed

Point of discussion: Software implementation

Message Authentication Code: Let us assume that the sender A wants to send the message M to a receiver B.
1. A and B share a symmetric key K, which is not known to anyone else. A calculates the MAC by applying the key K to the message M.
2. A then sends the original message M and the MAC H1 to B.
3. When B receives the message, B also uses K to calculate its own MAC H2 over M.
4. B now compares H1 to H2.

HMAC: The fundamental idea behind HMAC is to reuse the existing message digest algorithms, such as MD5 or SHA-1. Obviously, there is no point in reinventing the wheel. Therefore, what HMAC does is to work with any message digest algorithm as a black box. Additionally, it uses the shared symmetric key to encrypt the message digest, which produces the output MAC.
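The four MAC steps and the "message digest as a black box" idea can be run end to end. This is an added example, not code from the original notes: hmac_manual follows the HMAC construction of RFC 2104 (the key is padded to the digest's block size, XORed with two constants, and the digest is applied twice), and the names sender and receiver, the key and the messages are constructed for illustration.

```python
import hashlib
import hmac

def hmac_manual(key: bytes, message: bytes, digest: str = "sha1") -> bytes:
    """HMAC built on top of any hashlib digest, used purely as a black box."""
    block_size = hashlib.new(digest).block_size
    if len(key) > block_size:
        # Keys longer than one block are first reduced with the digest itself.
        key = hashlib.new(digest, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(digest, ipad + message).digest()
    return hashlib.new(digest, opad + inner).digest()

def sender(key: bytes, message: bytes):
    """Steps 1 and 2: A computes H1 over M with K and sends (M, H1)."""
    return message, hmac_manual(key, message)

def receiver(key: bytes, message: bytes, h1: bytes) -> bool:
    """Steps 3 and 4: B recomputes H2 over M with K and compares it to H1."""
    h2 = hmac_manual(key, message)
    # Constant-time comparison, so the check does not leak how many bytes match.
    return hmac.compare_digest(h1, h2)

# Constructed sample values.
K = b"shared-key-K"
M = b"pay 100"

if __name__ == "__main__":
    m, h1 = sender(K, M)
    print("H1:", h1.hex())
    print("unmodified message accepted:", receiver(K, m, h1))
    print("modified message accepted:  ", receiver(K, b"pay 900", h1))
    # The manual construction matches the standard library for the same digest.
    print("matches hmac module:", h1 == hmac.new(K, M, "sha1").digest())
```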

Digital Signature Techniques:

Due to the problem associated with MAC as mentioned earlier, Digital Signature Standard (DSS) was developed for performing digital signatures

The politics of digital signature algorithms

The acceptance of DSA was not straightforward. One of the aims of NIST, the developers of DSA, was to make DSA a free piece of digital signature software. Moreover big companies such as IBM, Novell, Lotus, Apple, Microsoft, DEC, Sun etc. Therefore they were also against the use of DSA. There were a lot of allegations and speculation regarding the strength of DSA. All of them were addressed, making DSA a reliable algorithm.

KNAPSACK ALGORITHM

Ralph Merkle and Martin Hellman developed the first algorithm for public key encryption, called the knapsack algorithm.

That is, if M1, M2, ..., Mn are the given values and S is the sum, find out bi so that
S = b1M1 + b2M2 + ... + bnMn
Each bi can be 0 or 1. A 1 indicates that the item is in the knapsack and 0 indicates that it is not.
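The sum S above is easy to compute and hard to invert without extra knowledge. The following added example (not code from the original notes) goes one step beyond the text and shows the usual Merkle-Hellman arrangement: the private values form a superincreasing sequence, the public values M1..Mn are those values multiplied by r modulo q, and only the key owner can undo the sum quickly. All numbers are small constructed toy values.

```python
from itertools import product

def public_key(private_w, q, r):
    """Public values Mi = r * wi mod q, derived from the private sequence."""
    if any(w <= sum(private_w[:i]) for i, w in enumerate(private_w)):
        raise ValueError("private sequence must be superincreasing")
    if q <= sum(private_w):
        raise ValueError("modulus q must exceed the sum of the private values")
    return [(r * w) % q for w in private_w]

def encrypt(bits, pub):
    """S = b1*M1 + b2*M2 + ... + bn*Mn, with each bi equal to 0 or 1."""
    return sum(b * m for b, m in zip(bits, pub))

def decrypt(s, private_w, q, r):
    """Key owner: remove r, then pick items greedily from the largest down."""
    remaining = (s * pow(r, -1, q)) % q      # raises ValueError if gcd(r, q) != 1
    bits = []
    for w in reversed(private_w):
        take = 1 if w <= remaining else 0
        remaining -= take * w
        bits.append(take)
    if remaining != 0:
        raise ValueError("not a valid ciphertext for this key")
    return bits[::-1]

def solve_by_search(s, pub):
    """Without the private key: try all 2**n choices of b1..bn."""
    for bits in product((0, 1), repeat=len(pub)):
        if encrypt(bits, pub) == s:
            return list(bits)
    return None

# Constructed toy key and message (the 8 bits of ASCII 'a').
PRIVATE_W = [2, 7, 11, 21, 42, 89, 180, 354]
Q, R = 881, 588
BITS = [0, 1, 1, 0, 0, 0, 0, 1]

if __name__ == "__main__":
    pub = public_key(PRIVATE_W, Q, R)
    s = encrypt(BITS, pub)
    print("public values:", pub)
    print("S =", s)
    print("decrypted:", decrypt(s, PRIVATE_W, Q, R))
    print("found by exhaustive search:", solve_by_search(s, pub))
```

The exhaustive search finishes instantly only because n is 8 here; each additional value doubles the number of choices it has to try.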

SOME OTHER ALGORITHMS

Elliptic curve cryptography (ECC)
An elliptic curve is similar to a normal curve drawn as a graph on the x and y axes. It has points. Each point can be designated by an (x, y) coordinate, just like on any other graph. For instance, a point can be designated as (4, 9): it is 4 units to the right hand side on the x axis from the center. Consider an elliptic curve (e) with a point p. Now generate a random number d, and let q = d * p. Mathematics says that e, p and q are public values and the challenge is to find d.
