CRYPTOGRAPHY
SYLLABUS
Unit 1:
Introduction - the concept of security - the need for security - security
approaches - principles of security - types of attacks. Cryptography techniques:
introduction - plaintext and ciphertext - substitution techniques - transposition techniques -
encryption and decryption - symmetric and asymmetric key cryptography - steganography -
key range and key size - possible types of attacks.
Unit 2:
Computer-based Symmetric Key Cryptography Algorithms: Introduction - Algorithm
Types and Modes - An overview of Symmetric Key Cryptography - Data Encryption
Standard (DES) - International Data Encryption Algorithm (IDEA) - RC5 - Blowfish -
Advanced Encryption Standard (AES) - Differential and Linear Cryptanalysis.
Computer-based Asymmetric Key Cryptography Algorithms: Introduction - Brief History of
Asymmetric Cryptography - An overview of Asymmetric Key Cryptography - The RSA algorithm -
Symmetric and Asymmetric Key Cryptography together - Digital Signatures - Knapsack
Algorithm - Some other Algorithms
Text book:
Cryptography and Network Security, Atul Kahate, TMH 2006
Reference:
Cryptography and Network Security, Behrouz A. Forouzan, McGraw-Hill, 2008
UNIT I:
INTRODUCTION
Cryptography is the science covering a diverse field of problems related to encryption
and decryption techniques, privacy of communication, authentication, digital signatures
and much more. However, its main task is the constant quest to make the exchange of
information totally secure. As such, its task has not changed for centuries. From secret
hieroglyphic writing systems, through Julius Caesar's "Caesar cipher" and the German
Enigma, to the latest public-key systems, scientists and practitioners around the world,
known as cryptographers, have been on this quest of hiding information from unauthorized eyes.
Definition: Cryptography is the study of mathematical techniques related to aspects of
information security such as confidentiality, data integrity, entity authentication, and data
origin authentication. Cryptography is not the only means of providing information
security, but rather one set of techniques.
NEED FOR SECURITY:
When computer applications were developed to handle
financial and personal data, the real need for security was felt like never before.
People realized that data on computers was an extremely important aspect of
modern life.
Two typical examples of such security mechanisms were as follows:
Provide a user ID and password to every user and use that information to authenticate
a user.
Encode information stored in the database in some fashion so that it is not visible to
users who do not have the right permission.
Organizations employed their own mechanisms in order to provide these
kinds of basic security mechanisms.
Modern nature of attacks:
The difference in computer-based systems is mainly due to the speed at
which things happen and the accuracy that we get, as compared to the traditional
world. We can highlight a few salient features of the modern nature of attacks as
follows:-
Automatic attacks:-
The speed of computers makes several attacks worthwhile.
For example, in the real world, suppose that someone manages to
create a machine that can produce counterfeit coins.
However, producing so many coins on a mass scale may not be that
economical compared to the return on that investment.
Computers are quite efficient and happy in doing routine, mundane and
repetitive tasks.
For example, they would excel in somehow stealing a very low
amount from a million bank accounts in a matter of a few minutes.
Humans dislike mundane and repetitive tasks. Automating them can
cause destruction quite rapidly.
Privacy concerns:-
Collecting information about people and later using it is turning
out to be a huge problem these days.
The so-called data mining applications gather, process and
tabulate all sorts of details about individuals.
People can then illegally sell this information. For example,
companies like Experian, TransUnion and Equifax maintain the
credit history of individuals in the USA.
These companies have volumes of information about a majority
of citizens of that country.
These companies can collect, polish and format all sorts of
information for whoever is ready to pay for the data.
Every company is collecting and processing a mind-boggling
amount of information about us.
Distance does not matter:-
Money is in digital form inside computers and moves
around by using computer networks.
Therefore a modern thief would perhaps not like to
wear a mask and attempt a robbery.
Instead, it is far easier and cheaper to attempt an attack
on the computer system of the bank while sitting at home.
SECURITY APPROACHES:-
Trusted system:
A trusted system is a computer system that can be
trusted to a specified extent to enforce a specified
security policy.
The following are the expectations from the
reference monitor:
a. It should be tamperproof.
b. It should always be invoked.
c. It should be small enough so that it can be independently.
These deal with lattice-based information flows in computer systems.
Security models:-
An organization can take several approaches to implement its security model. Let us
summarize these approaches.
No security:-
In this simplest case, the approach could be a decision to implement no security at all.
Security through obscurity:
In this model, a system is secure simply because nobody knows about its existence and
contents. This approach cannot work, for an attacker can come to know about it.
Host security:
In this scheme the security for each host is enforced individually. This is a very safe approach.
Network security:
In this technique the focus is to control network access to various hosts and their services,
rather than individual host security.
This is a very efficient and scalable model.
Security management practices:-
Good security management practices always talk of a security policy being in place.
A good security policy generally takes care of key aspects as follows:
Affordability: cost and effort in security implementation.
Functionality: mechanisms of providing security.
Legality: whether the policy meets the legal requirements.
Cultural issues: whether the policy gels well with people's expectations,
working style and beliefs.
Once a security policy is in place, the following points should be
ensured.
A. Explanation of the policy to all concerned.
B. Outline everybody's responsibilities.
C. Use simple language in all communications.
D. Establishment of accountability.
E. Provisions for exceptions and periodic reviews.
That is all about security approaches.
PRINCIPLES OF SECURITY:-
Let us assume that a person A wants to send a check worth $100 to another
person B. Normally, what are the factors that A and B will think of in such a case? A will write
the check for $100, put it in an envelope and send it to B.
Confidentiality:-
A will like to ensure that no one except B gets the envelope, and even if someone
else gets it, that person does not come to know about the details of the check. This is the principle
of confidentiality.
Integrity:-
A and B will further like to make sure that no one can tamper with the
contents of the check, such as its amount, date, signature, name of the payee, etc.
Authentication:-
B would like to be assured that the check has indeed come from A and not from someone
posing as A, as it could be a fake check in that case.
Non-repudiation:-
What will happen tomorrow if B deposits the check in her account, the
money is transferred from A's account to B's account, and A then refutes this? Non-repudiation
is what does not allow A to refute this claim, so that the dispute can be settled.
Repudiation:-
These are the four principles of security. There are two more, access control and
availability, which are not related to a particular message, but are linked to the overall
system as a whole.
Access control:-
The principle of access control determines who should be able to access what. For
instance, we should be able to specify that user A can view the records in a subset of an
access control matrix. Access control is broadly related to two areas. They are:
Rule management
Role management
Rule management: focuses on the resources side (which resource is accessible and
under what circumstances).
Role management: concentrates on the user side (which user can do what).
Availability:-
The principle of availability states that resources should be
available to authorized parties at all times. This also defined seven layers of security in
the form of:
Authentication
Access control
Non-repudiation
Data integrity
Confidentiality
Assurance or availability
Notarization or signature
TYPES OF ATTACKS:-
We shall classify attacks with respect to two views: the common person's view and
a technologist's view.
Attacks: a general view:
From a common person's point of view, we can classify attacks into
three categories. Let us discuss these attacks.
Criminal attacks:-
Criminal attacks are the simplest to understand. Here the sole aim of the
attackers is to maximize financial gain by attacking computer systems.
Publicity attacks:
Publicity attacks occur because the attackers want
to see their names appear on television news channels and in newspapers. One of the most
famous such attacks occurred on the US Department of Justice's web site in 1996. The
New York Times home page was also famously defaced two years later.
Legal attacks:-
The aim of the attacker is to exploit the weakness of the
judge and the jury in technology matters. For example, an attacker may sue a bank for
performing an online transaction, which she never wanted to perform.
Security attacks:
Passive attack
Active attack
Passive attack:
Passive attacks attempt to learn or make use of information from the
system. Two types of passive attacks are:
Release of message
Traffic analysis
Release of message:-
A telephone conversation, an electronic mail message and a transfer may
contain sensitive or confidential information.
Traffic analysis:-
The common technique for masking contents is encryption. The opponent could
determine the location and the identity of communicating hosts and could observe the
frequency and length of the messages being exchanged.
Active attack:-
An active attack involves some modification of the data stream. These are
divided into three categories.
Interruption
Modification
Fabrication
Interruption:-
Trying to pose as another entity involves masquerade attacks.
Modification:-
Modification attacks can be classified further into replay attacks and alteration of
messages.
Fabrication:-
Fabrication causes denial of service attacks.
CRYPTOGRAPHY TECHNIQUES:
Introduction:
Cryptography comes from the Greek words for secret writing. The messages to be
encrypted are known as plaintext. The output of the encryption process is known as
ciphertext.
Cryptography:-
Cryptographic systems are characterized along three independent
dimensions:
The type of operations used for transforming plaintext to ciphertext
The number of keys used
The way in which the plaintext is processed
If the sender and receiver use different keys, the system is referred to as asymmetric, two-key
or public-key encryption.
Stream cipher:-
A stream cipher processes the input elements continuously, producing
output one element at a time as it goes along.
Cryptanalysis:-
Cryptanalytic attacks rely on the nature of the algorithm,
plus perhaps some knowledge of the general characteristics of the plaintext. There are five
types of attacks:
Ciphertext only
Known plaintext
Chosen plaintext
Chosen ciphertext
Chosen text
Ciphertext only:-
The ciphertext-only attack is the easiest to defend against
because the opponent has the least amount of information to work with.
Known plaintext:-
The known-plaintext attack is what might be referred to as a
probable-word attack. If the opponent is working with the encryption of some general
message, he may have little knowledge of what is in the message.
Chosen plaintext:-
If the analyst is able to get the source system to insert into the system a message
chosen by the analyst, then a chosen-plaintext attack is possible.
ENCRYPTION TECHNIQUES:
There are two types of encryption techniques:
Substitution techniques
Transposition techniques
A substitution technique is one in which the letters of plaintext are replaced by
other letters or by numbers or symbols.
Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
SUBSTITUTION TECHNIQUES:-
There are seven categories.
Caesar cipher
Modified version of Caesar cipher
Mono-alphabetic cipher
Homophonic substitution cipher
Polygram substitution cipher
Polyalphabetic substitution cipher
Playfair cipher
Caesar cipher:-
One of the oldest known ciphers is the Caesar cipher, attributed to Julius Caesar.
Plaintext:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
Attack = DWWDFN
Meet me = PHHWPH
The encryption algorithm is:
C = E(K, P) = (P + K) mod 26
The decryption algorithm is:
P = D(K, C) = (C - K) mod 26
Mono-alphabetic cipher:-
The general system of symbol-for-symbol substitution is called a mono-alphabetic
substitution cipher, with the key being the 26-letter string corresponding to the alphabet.
In English the most common letters and combinations are e, t, o, a, n, i, th, in, er, re, an,
the, ing and ion. The most common three-letter combination is
T (x) e x h
T h (y) y a
Q Z W n z
Polygram substitution cipher:-
The polygram substitution cipher is a technique in which a block of alphabets is replaced
with another block, rather than replacing one plaintext alphabet with one cipher alphabet at a time.
(e.g.) hello = yuqqw
Polyalphabetic substitution cipher:-
This cipher uses multiple one-character keys. Features:
It uses a set of related mono-alphabetic substitution rules. It uses a key that determines which
rule is used for which transformation.
Playfair cipher:-
Creation and population of matrix
Encryption process
P L A Y F
I R E X M
B C D G H
K N O Q S
T Y W V Z
There are five types of encryption process. If both alphabets in a pair are
the same, add an X after the first alphabet.
TRANSPOSITION TECHNIQUES:
These are techniques for replacing one alphabet with another. Four techniques are
available:
Rail fence technique
Simple columnar transposition
Vernam cipher
Book cipher / running key cipher
Rail fence technique:-
The rail fence technique is an example of transposition. It uses a simple
algorithm. Treat every letter in the plaintext message as a number so that A = 0, B = 1,
Z = 25.
It has very little sophistication built in.
Simple columnar transposition:-
Simple columnar transposition techniques with multiple rounds are used to
improve the basic simple columnar transposition technique.
(e.g.) Consider a rectangle with six columns. Write the message in the rectangle row by
row:
C1 C2 C3 C4 C5 C6
C O M E H O
M E F O M O
R R O W -- --
Vernam cipher:-
The Vernam cipher is also called the one-time pad. It is implemented using a random set
of non-repeating characters as the input ciphertext.
SYMMETRIC-KEY CRYPTOGRAPHY
Introduction:
An encryption system in which the sender and receiver of a message share a single,
common key that is used to encrypt and decrypt the message. Contrast this with public-key
cryptology, which utilizes two keys - a public key to encrypt messages and a private
key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two
parties must somehow exchange the key in a secure way. Public-key encryption avoids
this problem because the public key can be distributed in a non-secure way, and the
private key is never transmitted.
Symmetric-key cryptography is sometimes called secret-key cryptography. The most
popular symmetric-key system is the Data Encryption Standard (DES).
Symmetric-Key Cryptography:
In symmetric-key cryptography, we encode our plain text by mangling it with a secret
key. Decryption requires knowledge of the same key, and reverses the mangling.
ciphertext = encrypt( plaintext, key )
plaintext = decrypt( ciphertext, key )
Symmetric key cryptography is useful if you want to encrypt files on your computer, and
you intend to decrypt them yourself. It is less useful if you intend to send them to
someone else to be decrypted, because in that case you have a "key distribution problem":
securely communicating the encryption key to your correspondent may not be much
easier than securely communicating the original text.
It is good practice to assume the encryption algorithms that we have chosen to use are
publicly known; only the key is secret to the participants. Slogan: "obscurity is no
security".
Caesar cipher
The key is a number between 1 and 25. Define code('a') = 0, code('b') = 1, ...,
code('z') = 25.
encryption(c, key) = code^(-1)( (code(c) + key) mod 26 )
Pros: simple.
Cons: trivial to break.
How many keys are there?
How can you break this cipher?
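The two questions above can be answered in code. The following Python sketch is an added example, not part of the original notes: it implements C = (P + K) mod 26, reproduces the page's "Attack = DWWDFN" with K = 3, and recovers an unknown key by trying every shift and scoring the result against English letter frequencies. The frequency table and the sample sentence are constructed for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase

# Approximate relative letter frequencies (percent) in English text.
ENGLISH_FREQ = {
    'A': 8.17, 'B': 1.49, 'C': 2.78, 'D': 4.25, 'E': 12.70, 'F': 2.23,
    'G': 2.02, 'H': 6.09, 'I': 6.97, 'J': 0.15, 'K': 0.77, 'L': 4.03,
    'M': 2.41, 'N': 6.75, 'O': 7.51, 'P': 1.93, 'Q': 0.10, 'R': 5.99,
    'S': 6.33, 'T': 9.06, 'U': 2.76, 'V': 0.98, 'W': 2.36, 'X': 0.15,
    'Y': 1.97, 'Z': 0.07,
}

# Constructed sample plaintext (not from the page).
SAMPLE = "MEET ME AT THE USUAL PLACE AFTER THE LECTURE ON SUBSTITUTION CIPHERS"


def caesar_encrypt(plaintext, key):
    """C = (P + K) mod 26 on letters; spaces and other characters are
    dropped, as in the page's "Meet me = PHHWPH"."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
    return "".join(out)


def caesar_decrypt(ciphertext, key):
    """P = (C - K) mod 26."""
    return caesar_encrypt(ciphertext, -key)


def chi_squared(text):
    """Distance between the letter counts of text and English; lower is closer."""
    n = len(text)
    if n == 0:
        return float("inf")
    score = 0.0
    for letter in ALPHABET:
        expected = ENGLISH_FREQ[letter] * n / 100
        observed = text.count(letter)
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Only 26 shifts exist, so try them all and keep the most English-looking."""
    candidates = [(chi_squared(caesar_decrypt(ciphertext, k)), k) for k in range(26)]
    _, key = min(candidates)
    return key, caesar_decrypt(ciphertext, key)


if __name__ == "__main__":
    print(caesar_encrypt("Attack", 3))    # the page's K = 3 example
    print(caesar_encrypt("ABC", 14))      # K = 14 gives the A -> O table
    print(break_caesar(caesar_encrypt(SAMPLE, 3)))
```

The scoring step needs a few dozen letters to be reliable; for a ciphertext as short as DWWDFN, listing all 25 candidate plaintexts and reading them is the practical approach.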
Compression-then-substitution
Compress the text first (in an attempt to avoid the frequency-of-letters attack), and then
do a substitution of byte values, such as:
original byte 0 1 2 3 ... 255
cipher byte 123 53 221 102 ... 34
ASYMMETRIC-KEY CRYPTOGRAPHY
We have now defined two functions that are hard to perform: computing
the inverse of a one-way function and distinguishing the output of a pseudo-random
function from a random function. We then gave high-level definitions of more useful
operations: cryptographic hash functions and encryption, which can be based on one-way
functions and pseudo-random functions, respectively. But shared keys are inherently
limiting; these keys must be shared between each pair of principals and complicate the
process of adding new principals to the system.
Similarly, shared key operations are not easily applicable to cases where one
principal performs an operation that affects many principals. An asymmetric key setup
would solve both of these problems: each principal has its own key information that it
does not need to share in secret with other principals.
For an example of how problems arise in symmetric-key settings, consider how
we might perform some of our shared-key operations in a context with, say, three
principals, A, B, and C. Principal A wants to send a message to B and C in such a way
that both know that it came from A. If A and B share key kAB and A and C share key kAC,
then it's not obvious how to send a bit string that guarantees this property (though such
schemes exist); the naive solution of computing a pair (MAC(m, kAB), MAC(m, kAC))
and sending it as an authenticator doesn't work if B and C don't trust each other or don't
trust A, since one element of the pair might pass the check for one principal and the other
not pass the check for the other principal. If A, B, and C all share a single key, then B or
C could create a MAC that appears to come from A.
So, shared keys between more than two principals lose some properties. First,
they lose their binding to identities. Second, authentication for different principals cannot
be guaranteed. Third, they complicate open systems, in which new principals can appear
at any time, since new principals must be given a key shared with each other principal.
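The three-principal problem described above, as an added Python example that is not part of the original notes: it instantiates MAC with HMAC-SHA256, and the keys, message and function names are constructed for the illustration.

```python
import hashlib
import hmac


def mac(message: bytes, key: bytes) -> bytes:
    """MAC(m, k), instantiated here with HMAC-SHA256 (an assumption of this example)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(message: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time check that tag == MAC(message, key)."""
    return hmac.compare_digest(mac(message, key), tag)


# Constructed keys for principals A, B and C.
K_AB = b"constructed key shared by A and B"
K_AC = b"constructed key shared by A and C"
K_ABC = b"constructed key shared by A, B and C"

MESSAGE = b"constructed message from A to B and C"


def honest_pair(message):
    """The naive authenticator from the text: (MAC(m, kAB), MAC(m, kAC))."""
    return mac(message, K_AB), mac(message, K_AC)


def pairwise_case(tag_for_b, tag_for_c):
    """Each receiver can check only the element made with its own key.

    Returns (B accepts, C accepts). B does not hold kAC, so B cannot tell
    whether C's element is valid, and C cannot check B's element.
    """
    return verify(MESSAGE, tag_for_b, K_AB), verify(MESSAGE, tag_for_c, K_AC)


def split_view():
    """A pair whose first element is valid and whose second is not:
    B accepts the message while C rejects it, and neither can prove
    to the other what A actually sent."""
    good_b, good_c = honest_pair(MESSAGE)
    bad_c = bytes(len(good_c))  # any value other than MAC(m, kAC)
    return pairwise_case(good_b, bad_c)


def group_key_case():
    """With one key shared by all three, a tag computed by B is identical
    to the one A would compute, so C accepts it as coming from A."""
    tag_made_by_b = mac(MESSAGE, K_ABC)
    tag_made_by_a = mac(MESSAGE, K_ABC)
    c_accepts = verify(MESSAGE, tag_made_by_b, K_ABC)
    return c_accepts, tag_made_by_b == tag_made_by_a


if __name__ == "__main__":
    print("honest pair (B, C):", pairwise_case(*honest_pair(MESSAGE)))
    print("split view  (B, C):", split_view())
    print("group key: C accepts B's tag, tags identical:", group_key_case())
```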
To get around this problem, recall the example of the stock broker. The client
published a pair M1 and M2 of numbers. It happened that the stock broker was the
principal that used these numbers and checked them, but any principal could have
performed the stock broker's actions, since M1 and M2 were published by the client. We
say that key information published like M1 and M2 is a public key and m1 and m2 are the
corresponding private key.
STEGANOGRAPHY
Steganography is the art and science of writing hidden messages in such a way
that no one, apart from the sender and intended recipient, suspects the existence of the
message, a form of security through obscurity.
The word steganography is of Greek origin and means "concealed writing" from
the Greek words steganos (στεγανός) meaning "covered or protected", and graphein
(γράφειν) meaning "to write".
The advantage of steganography, over cryptography alone, is that messages do
not attract attention to themselves. Plainly visible encrypted messages—no matter how
unbreakable—will arouse suspicion, and may in themselves be incriminating in countries
where encryption is illegal. Therefore, whereas cryptography protects the contents of a
message, steganography can be said to protect both messages and communicating parties.
Steganography includes the concealment of information within computer files. In
digital steganography, electronic communications may include steganographic coding
inside of a transport layer, such as a document file, image file, program or protocol.
Media files are ideal for steganographic transmission because of their large size.
As a simple example, a sender might start with an innocuous image file and
adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so
subtle that someone not specifically looking for it is unlikely to notice it.
Steganographic techniques
Physical steganography
Steganography has been widely used, including in recent historical times and the present
day. Possible permutations are endless and known examples include:
Hidden messages within wax tablets — in ancient Greece, people wrote messages
on the wood, then covered it with wax upon which an innocent covering message
was written.
Hidden messages on messenger's body — also used in ancient Greece. Herodotus
tells the story of a message tattooed on a slave's shaved head, hidden by the
growth of his hair, and exposed by shaving his head again. The message allegedly
carried a warning to Greece about Persian invasion plans. This method has
obvious drawbacks, such as delayed transmission while waiting for the slave's
hair to grow, and the restrictions on the number and size of messages that can be
encoded on one person's scalp.
During World War II, the French Resistance sent some messages written on the
backs of couriers using invisible ink.
Hidden messages on paper written in secret inks, under other messages or on the
blank parts of other messages.
Messages written in Morse code on knitting yarn and then knitted into a piece of
clothing worn by a courier.
Messages written on envelopes in the area covered by postage stamps.
During and after World War II, espionage agents used photographically produced
microdots to send information back and forth. Microdots were typically minute,
approximately less than the size of the period produced by a typewriter. World
War II microdots needed to be embedded in the paper and covered with an
adhesive, such as collodion. This was reflective and thus detectable by viewing
against glancing light. Alternative techniques included inserting microdots into
slits cut into the edge of post cards.
During World War II, a spy for Japan in New York City, Velvalee Dickinson,
sent information to accommodation addresses in neutral South America. She was
a dealer in dolls, and her letters discussed how many of this or that doll to ship.
The stegotext was the doll orders, while the concealed "plaintext" was itself
encoded and gave information about ship movements, etc. Her case became
somewhat famous and she became known as the Doll Woman.
Cold War counter-propaganda. In 1968, crew members of the USS Pueblo
intelligence ship held as prisoners by North Korea, communicated in sign
language during staged photo opportunities, informing the United States they
were not defectors, but rather were being held captive by the North Koreans. In
other photos presented to the U.S., crew members gave "the finger" to the
unsuspecting North Koreans, in an attempt to discredit photos that showed them
smiling and comfortable.
Digital steganography
Image of a tree. Removing all but the two least significant bits of each color component
produces an almost completely black image. Making that image 85 times brighter
produces the image below.
Image of a cat extracted from above image.
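The arithmetic behind the two captions above, as an added Python example that is not part of the original notes: it keeps only the two least significant bits of each colour component and multiplies by 85 to make the hidden picture visible. The component values are constructed, and the embedding rule (top two bits of the hidden image stored in the low two bits of the cover) is an assumption about how such a picture is prepared.

```python
def embed_two_bits(cover, hidden):
    """Store the top two bits of each hidden component in the two least
    significant bits of the matching cover component (assumed embedding rule)."""
    if len(cover) != len(hidden):
        raise ValueError("cover and hidden image must have the same size")
    return [(c & 0b11111100) | (h >> 6) for c, h in zip(cover, hidden)]


def low_bits(components, bits=2):
    """Remove all but the `bits` least significant bits of each component.
    The result is in the range 0..3 for two bits, which is why it looks
    almost completely black on a 0..255 scale."""
    mask = (1 << bits) - 1
    return [v & mask for v in components]


def brighten(plane, bits=2):
    """Scale 0..(2^bits - 1) back up to 0..255. For two bits the largest
    value is 3, so the factor is 255 // 3 = 85, as in the caption."""
    factor = 255 // ((1 << bits) - 1)
    return [v * factor for v in plane]


def max_distortion(cover, stego):
    """Largest change made to any component; at most 3 for two bits,
    which is why the change is not visible in the cover image."""
    return max(abs(c - s) for c, s in zip(cover, stego))


# Constructed colour components (0..255) standing in for the two images.
COVER = [200, 201, 54, 77, 128, 255, 0, 19]
HIDDEN = [255, 0, 64, 192, 130, 70, 10, 250]

STEGO = embed_two_bits(COVER, HIDDEN)
RECOVERED = brighten(low_bits(STEGO))

if __name__ == "__main__":
    print("stego components :", STEGO)
    print("low two bits     :", low_bits(STEGO))
    print("times 85         :", RECOVERED)
    print("max distortion   :", max_distortion(COVER, STEGO))
```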
Modern steganography entered the world in 1985 with the advent of the personal
computer being applied to classical steganography problems. Development following that
was slow, but has since taken off, going by the number of "stego" programs available:
over 800 digital steganography applications have been identified by the Steganography
Analysis and Research Center. Digital steganography techniques include:
Concealing messages within the lowest bits of noisy images or sound files.
Concealing data within encrypted data or within random data. The data to be
concealed is first encrypted before being used to overwrite part of a much larger
block of encrypted data or a block of random data (an unbreakable cipher like the
one-time pad generates ciphertexts that look perfectly random if you don't have
the private key).
Chaffing and winnowing.
Mimic functions convert one file to have the statistical profile of another. This can
thwart statistical methods that help brute-force attacks identify the right solution
in a ciphertext-only attack.
Concealed messages in tampered executable files, exploiting redundancy in the
targeted instruction set.
Pictures embedded in video material (optionally played at slower or faster speed).
Injecting imperceptible delays to packets sent over the network from the
keyboard. Delays in keypresses in some applications (telnet or remote desktop
software) can mean a delay in packets, and the delays in the packets can be used
to encode data.
Changing the order of elements in a set.
Content-Aware Steganography hides information in the semantics a human user
assigns to a datagram. These systems offer security against a non-human
adversary/warden.
Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are
added as comments of orphaned web-logs (or pin boards on social network
platforms). In this case the selection of blogs is the symmetric key that sender and
recipient are using; the carrier of the hidden message is the whole blogosphere.
Modifying the echo of a sound file (Echo Steganography).
Secure Steganography for Audio Signals.
Image bit-plane complexity segmentation steganography (i.e., BPCS-
Steganography).
Network steganography
All information hiding techniques that may be used to exchange steganograms in
telecommunication networks can be classified under the general term of network
steganography. This nomenclature was originally introduced by Krzysztof Szczypiorski
in 2003. Contrary to the typical steganographic methods which utilize digital media
(images, audio and video files) as a cover for hidden data, network steganography utilizes
communication protocols' control elements and their basic intrinsic functionality. As a
result, such methods are harder to detect and eliminate.
Typical network steganography methods involve modification of the properties of a
single network protocol. Such modification can be applied to the PDU (Protocol Data
Unit), to the time relations between the exchanged PDUs, or both (hybrid methods).
Moreover, it is feasible to utilize the relation between two or more different network
protocols to enable secret communication. These applications fall under the term inter-
protocol steganography.
Network steganography covers a broad spectrum of techniques, which include, among
others:
Steganophony - the concealment of messages in Voice-over-IP conversations, e.g.
the employment of delayed or corrupted packets that would normally be ignored
by the receiver (this method is called LACK - Lost Audio Packets
Steganography), or, alternatively, hiding information in unused header fields.
WLAN Steganography – the utilization of methods that may be exercised to
transmit steganograms in Wireless Local Area Networks. A practical example of
WLAN Steganography is the HICCUPS system (Hidden Communication System
for Corrupted Networks).
Printed steganography
Digital steganography output may be in the form of printed documents. A message, the
plaintext, may be first encrypted by traditional means, producing a ciphertext. Then, an
innocuous covertext is modified in some way so as to contain the ciphertext, resulting in
the stegotext. For example, the letter size, spacing, typeface, or other characteristics of a
covertext can be manipulated to carry the hidden message. Only a recipient who knows
the technique used can recover the message and then decrypt it. Francis Bacon developed
Bacon's cipher as such a technique.
The ciphertext produced by most digital steganography methods, however, is not
printable. Traditional digital methods rely on perturbing noise in the channel file to hide
the message, as such, the channel file must be transmitted to the recipient with no
additional noise from the transmission. Printing introduces much noise in the ciphertext,
generally rendering the message unrecoverable. There are techniques that address this
limitation, one notable example is ASCII Art Steganography.
Text steganography
Steganography can be applied to different types of media including text, audio, image
and video etc. However, text steganography is considered to be the most difficult kind of
steganography due to lack of redundancy in text as compared to image or audio but still
has smaller memory occupation and simpler communication. The method that could be
used for text steganography is data compression. Data compression encodes information
in one representation into another representation. The new representation of data is
smaller in size. One of the possible schemes to achieve data compression is Huffman
coding. Huffman coding assigns smaller length codewords to more frequently occurring
source symbols and longer length codewords to less frequently occurring source symbols.
KEY RANGE AND KEY SIZE:
The cryptanalyst is armed with the following information:
The encryption/decryption algorithm
The encrypted message
Knowledge about the key size
The encryption/decryption algorithm is usually not a secret; the key remains the
challenge for an attacker. If the key is found, the attacker can work
backward to the plaintext message.
It usually takes a very small amount of time to try a key. The attacker can write
computer programs that try many keys in one second.
In the best case, the attacker finds the right key in the first attempt itself; in the
worst case, it is the 100 billionth attempt.
Mathematics tells us that, on average, the key can be found after half of the possible
values in the key range have been checked. This is a guideline and may or may not work
in real life for a given situation.
POSSIBLE TYPES OF ATTACKS:
There are five possibilities of attacks:
1. cipher text only attack
2. known plain text attack
3. chosen plain text attack
4. chosen cipher text attack
5. chosen text attack
Cipher text only attack:
The attacker does not have any clue about the plaintext. The attacker
analyzes the ciphertext to try to work out the original plaintext.
Known plain text attack
The attacker knows about some pairs of plaintext and the corresponding ciphertext for
those pairs. Using this information, the attacker tries to find other pairs.
Chosen plain text attack
The attacker selects a plaintext block and tries to look for the encryption of the same
text in the ciphertext. Here the attacker is able to choose the message to encrypt.
Chosen cipher text attack
The attacker knows the ciphertext to be decrypted, the encryption algorithm that was used
to produce the ciphertext, and the corresponding plaintext block.
Chosen text attack
It is the combination of the chosen plaintext attack and the chosen ciphertext attack.
Brute force attacks:-
It involves trying every possible key until an intelligible translation of
the ciphertext into plaintext is obtained. For each key size, it takes one microsecond to
perform a single encryption.
TYPE OF ATTACK       KNOWN TO CRYPTANALYST
Ciphertext only      Encryption algorithm; ciphertext
Known plaintext      Encryption algorithm; ciphertext; one or more plaintext-ciphertext
                     pairs formed with the secret key
Chosen plaintext     Encryption algorithm; ciphertext; plaintext message chosen by the
                     cryptanalyst, together with its corresponding ciphertext
Chosen ciphertext    Encryption algorithm; ciphertext; purported ciphertext chosen by the
                     cryptanalyst, together with its corresponding plaintext generated
                     with the secret key
Chosen text          Encryption algorithm; ciphertext; purported ciphertext chosen by the
                     cryptanalyst, together with its corresponding plaintext generated
                     with the secret key
UNIT II:
ALGORITHM TYPES AND MODES
Let us discuss two key aspects of such algorithms:
1. Algorithm types and
2. Algorithm modes
An algorithm type defines what size of plain text should be encrypted in
each step of algorithm.
The algorithm mode defines the details of the cryptographic algorithm,
once the type is decided.
Algorithm types:
Regardless of the techniques used at a broad level, the generation of cipher text
from plain text can be done in two ways.
They are:
1. Stream ciphers and
2. Block ciphers
Stream ciphers:
In stream ciphers, the plain text is encrypted one byte at a time. Suppose the original
message is "pay 100" in ASCII. When we convert these ASCII characters to their binary
values, let us assume for simplicity that it translates to 01011100.
In simple terms, XOR produces an output of 1 only if one input is 0 and the other is 1.
Input 1   Input 2   Output
0         0         0
0         1         1
1         0         1
1         1         0
Stream cipher technique involves the encryption of one plain text byte at a time.
The decryption also occurs one byte at a time.
For example, we have two binary numbers, A=101 and B=110. We now want to
perform an XOR operation on A and B to produce a third number C, i.e.:
C=A XOR B
C=101 XOR 110
=011
Now if we perform C XOR A we will get B,
B=011 XOR 101
=110
Similarly if we perform C XOR B, we will get A,
A=011 XOR 110
=101
XOR is reversible: when used twice, it produces the original values.
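The XOR round trip above, applied byte by byte to the "pay 100" message, as an added example that is not part of the original notes. It also shows the caveat that follows from the same reversibility: if one keystream is used for two messages, XORing the two cipher texts cancels the keystream. The hash-counter keystream generator, key and nonce values are assumptions made for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: SHA-256(key || nonce || counter) blocks.
    An assumption for this example, not a standard stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt one byte at a time: cipher byte = plain byte XOR keystream byte."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

# Decryption is the same operation, because XOR applied twice restores the input.
stream_decrypt = stream_encrypt

def differing_positions(cipher1: bytes, cipher2: bytes) -> list:
    """Byte positions where two cipher texts made with the SAME keystream differ.
    These are exactly the positions where the two plain texts differ."""
    return [i for i, b in enumerate(xor_bytes(cipher1, cipher2)) if b]

if __name__ == "__main__":
    key = b"constructed-key"                       # sample value
    c1 = stream_encrypt(key, b"nonce-1", b"pay 100")
    print("cipher text:", c1.hex())
    print("decrypted  :", stream_decrypt(key, b"nonce-1", c1))

    # Weak: second message encrypted under the same key AND the same nonce.
    c2 = stream_encrypt(key, b"nonce-1", b"pay 900")
    print("plain texts differ at byte(s):", differing_positions(c1, c2))

    # Corrected: a fresh nonce gives an unrelated keystream.
    c3 = stream_encrypt(key, b"nonce-2", b"pay 900")
    print("with a fresh nonce, c1 XOR c3 =", xor_bytes(c1, c3).hex())
```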
Block ciphers:
In block ciphers, rather than encrypting one byte at a time, a block of bytes is
encrypted in one go.
Block cipher technique involves encryption of one block of text at a time.
Decryption also takes one block of encrypted text at a time.
Practically, the blocks used in a block cipher generally contain 64 bits or more.
Encrypting one byte at a time can be very time consuming and is usually unnecessary in real life.
That is why block ciphers are used more often in computer based cryptographic
algorithms as compared to stream ciphers.
Group structures:
When discussing an algorithm, many times a question arises as to whether it is a
group.
The elements of the group are the cipher text blocks with each possible key.
Grouping thus means how many times the plain text is scrambled in various ways
to generate the cipher text.
Concepts of confusion and diffusion:
Confusion is a technique of ensuring that a cipher text gives no clue about the
original plain text.
It is achieved by means of the substitution techniques discussed earlier.
Diffusion increases the redundancy of the plain text by spreading it across rows
and columns.
Stream cipher relies only on confusion.
Block cipher uses both confusion and diffusion.
An algorithm mode is a combination of a series of the basic algorithm steps on a
block cipher and some kind of feedback from the previous step.
There are four important algorithm modes namely;
1. Electronic code book [ECB]
2. Cipher block chaining [CBC]
3. Cipher feedback [CFB] and
4. Output feedback [OFB]
Electronic code book [ECB] mode:
Electronic code book is the simplest mode of operation.
Here, the incoming plain text message is divided into blocks of 64 bits each.
Each block is then encrypted independently of the other blocks.
For all the blocks in the message, the same key is used for encryption.
In ECB, a single key is used for encrypting all the blocks of a message.
Therefore ECB is suitable only for encrypting small messages, where the scope
for repeating the same plain text block is quite small.
Cipher block chaining [CBC] mode:
In the case of ECB, within a given message a plain text block always produces the
same cipher text block.
Thus, if a block of plain text occurs more than once in the input, the
corresponding cipher text block will also occur more than once in the output, thus
providing some clues to a cryptanalyst.
In cipher block chaining, the results of the encryption of the previous block are fed
back into the encryption of the current block.
Each block of the cipher text is dependent on the corresponding current input
plain text block as well as all the previous plain text blocks.
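The ECB and CBC behaviour described above, as an added example that is not part of the original notes: a message with a repeated 64-bit block is encrypted in both modes and the repeated cipher text blocks are counted. The block cipher is a toy 16-round Feistel network built on SHA-256, standing in for a real 64-bit cipher; it, the padding helper and the sample message are constructed for illustration.

```python
import hashlib
import os
from collections import Counter

BLOCK = 8  # bytes, i.e. the 64-bit blocks used in the text

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(half: bytes, key: bytes, rnd: int) -> bytes:
    """Toy round function: 32 bits of SHA-256(key || round number || half)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    left, right = block[:4], block[4:]
    for r in range(rounds):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left

def decrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    left, right = block[:4], block[4:]
    for r in reversed(range(rounds)):
        left, right = right, _xor(left, _round(right, key, r))
    return right + left

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data: bytes, key: bytes) -> bytes:
    # Each block is encrypted independently with the same key.
    return b"".join(encrypt_block(b, key) for b in split(pad(data)))

def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for b in split(pad(data)):
        prev = encrypt_block(_xor(b, prev), key)  # feed back previous cipher block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    prev, out = iv, []
    for c in split(ct):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    plain = b"".join(out)
    return plain[:-plain[-1]]  # strip padding

def repeated_blocks(ct: bytes) -> int:
    """Number of cipher text blocks whose value occurs more than once."""
    return sum(n for n in Counter(split(ct)).values() if n > 1)

if __name__ == "__main__":
    key = b"constructed key"
    message = b"TRANSFER" * 4 + b"to acct 1234"   # constructed sample
    iv = os.urandom(BLOCK)                        # fresh random IV per message
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(message, key)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(message, key, iv)))
```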
Cipher feedback mode:
In this mode, the data is encrypted in units that are smaller than the block size; for
example, they could be of size 8 bits, the size of a character typed by an operator.
CFB mode is slightly more complicated as compared to the first two cryptographic modes.
AN OVERVIEW OF SYMMETRIC-KEY CRYPTOGRAPHY:
Introduction:
Symmetric-key cryptography is an encryption system in which the sender and receiver of a
message share a single, common key that is used to encrypt and decrypt the message.
Contrast this with public-key cryptology, which utilizes two keys: a public key to
encrypt messages and a private key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two
parties must somehow exchange the key in a secure way. Public-key encryption avoids
this problem because the public key can be distributed in a non-secure way, and the
private key is never transmitted.
Symmetric-key cryptography is sometimes called secret-key cryptography. The most
popular symmetric-key system is the Data Encryption Standard (DES).
Symmetric-Key Cryptography:
In symmetric-key cryptography, we encode our plain text by mangling it with a secret
key. Decryption requires knowledge of the same key, and reverses the mangling.
ciphertext = encrypt( plaintext, key )
plaintext = decrypt( ciphertext, key )
Symmetric key cryptography is useful if you want to encrypt files on your computer, and
you intend to decrypt them yourself. It is less useful if you intend to send them to
someone else to be decrypted, because in that case you have a "key distribution problem":
securely communicating the encryption key to your correspondent may not be much
easier than securely communicating the original text.
It is good practice to assume the encryption algorithms that we have chosen to use are
publicly known; only the key is secret to the participants. Slogan: "obscurity is no
security".
DES [DATA ENCRYPTION STANDARD]
The data encryption standard is also called the data encryption algorithm.
It is a cryptographic algorithm used for over three decades.
No book on security is complete without DES, as it has been a landmark in
cryptographic algorithms.
We shall also discuss DES to achieve two objectives:
Firstly, to learn about DES.
Secondly, and more importantly, to dissect and understand a real life
cryptographic algorithm.
DES is generally used in ECB, CBC or the CFB mode.
Working:
DES is a block cipher.
It encrypts data in blocks of size 64 bits each.
That is, 64 bits of plain text goes as the input to DES, which produces 64 bits of
cipher text.
The same algorithm and key are used for encryption and decryption with minor
differences.
We have mentioned that DES uses a 56 bit key.
Actually the initial key consists of 64 bits.
Before the DES process even starts, every 8th bit of the key is discarded to produce
a 56 bit key.
DES is based on two fundamental attributes of cryptography;
1. Substitution (also called confusion)
2. Transposition (also called diffusion)
DES consists of 16 steps, each of which is called a round.
In the first step, the 64 bit plain text block is handed over to an initial permutation
[IP] function.
The initial permutation is performed on plain text.
Next, the initial permutation produces two halves of the permuted block:
Left plain text (LPT)
Right plain text (RPT)
Now each of LPT and RPT goes through 16 rounds of the encryption process.
At the end, LPT and RPT are rejoined and a final permutation [FPI] is performed
on the combined block.
The result of this process is the 64 bit cipher text.
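The reduction of the 64-bit initial key to a 56-bit key described above, as an added example that is not part of the original notes. The discarded bits are the last bit of each key byte, which DES reserves as an odd-parity check bit, so two 64-bit keys that differ only in those bits select the same cipher. The function names and sample key are constructed for illustration.

```python
def effective_key(key64: bytes) -> int:
    """Drop every 8th bit (the low bit of each byte) and return the 56-bit key."""
    if len(key64) != 8:
        raise ValueError("a DES key is 8 bytes (64 bits) long")
    value = 0
    for byte in key64:
        value = (value << 7) | (byte >> 1)   # keep the top 7 bits of each byte
    return value

def has_odd_parity(key64: bytes) -> bool:
    """True if every byte contains an odd number of 1 bits."""
    return all(bin(byte).count("1") % 2 == 1 for byte in key64)

def set_odd_parity(key64: bytes) -> bytes:
    """Rewrite the 8th bit of each byte so that the byte has odd parity."""
    fixed = bytearray()
    for byte in key64:
        top7 = byte & 0xFE
        parity_bit = 0 if bin(top7).count("1") % 2 == 1 else 1
        fixed.append(top7 | parity_bit)
    return bytes(fixed)

if __name__ == "__main__":
    key_a = bytes.fromhex("0123456789abcdef")    # constructed sample key
    key_b = bytes(b ^ 0x01 for b in key_a)        # flip only the 8th bit of each byte
    print("key A:", key_a.hex(), "odd parity:", has_odd_parity(key_a))
    print("key B:", key_b.hex(), "odd parity:", has_odd_parity(key_b))
    print("same 56-bit key:", effective_key(key_a) == effective_key(key_b))
    print("key B with parity restored:", set_odd_parity(key_b).hex())
```

Because the parity bits carry no key material, the search space for DES is 2 power 56 keys, not 2 power 64.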
INTERNATIONAL DATA ENCRYPTION ALGORITHM [IDEA]
Background and history:
The international data encryption algorithm is perceived as one of the strongest
cryptographic algorithms.
Although it is quite strong, IDEA is not as popular as DES for two primary reasons.
Firstly, it is patented unlike DES and it must be licensed before it can be used in
commercial applications.
Secondly, DES has a long history and track record as compared to IDEA.
WORKING:
Basic principles:
Technically IDEA is a block cipher.
Like DES, it also works on 64 bit plain text blocks.
The key is longer and consists of 128 bits.
IDEA is reversible like DES, that is, the same algorithm is used for encryption and
decryption.
IDEA uses both diffusion and confusion for encryption.
The 64 bit input plain text block is divided into four portions of plain text (each of
size 16 bits), say p1 to p4.
Thus p1 to p4 are the inputs to the first round of the algorithm.
There are 8 such rounds. As mentioned, the key consists of 128 bits.
In each round, 6 sub keys are generated from the original key.
Each of the sub keys consists of 16 bits.
These sub keys are applied to four input blocks p1 to p4.
Thus, for the first round, we have the 6 keys k1 to k6.
For the second round, we will have the keys k7 to k12.
Finally for the eighth round, we will have keys k43 to k48.
The final step consists of an output transformation, which uses just four sub-keys
(k49 to k52).
The final output produced is the output produced by the output transformation
step, which is four blocks of cipher text named c1 to c4.
These are combined to form the final 64 bit cipher text block.
Rounds:
We have mentioned there are 8 rounds in IDEA.
Each round involves a series of operations on the four data blocks using 6 keys.
As we can see, these steps perform a lot of mathematical actions.
There are multiplications, additions, and XOR operations.
First round:
The initial key consists of 128 bits from which sub keys k1 to k6 are generated for
the first round.
Since k1 to k6 consist of 16 bits each, the first 96 bits are used for the first round.
At the end of the first round, bits 97-128 of the original key are unused.
Second round:
In the second round, firstly the 32 unused bits of the first round are used.
Thus the second round still requires (96-32=64) more bits.
IDEA employs the technique of key shifting.
At this stage, the original key is shifted left circularly by 25 bits.
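The sub key generation described above, carried through for all 52 sub keys, as an added example that is not part of the original notes. It assumes the standard IDEA key schedule: the 128-bit key is read as eight 16-bit sub keys, then shifted left circularly by 25 bits, and this repeats until 52 sub keys exist. The function names and the sample key are constructed for illustration.

```python
MASK128 = (1 << 128) - 1

def rotate_left_128(value: int, bits: int) -> int:
    """Circular left shift of a 128-bit value."""
    return ((value << bits) | (value >> (128 - bits))) & MASK128

def idea_subkeys(key: bytes) -> list:
    """Return the 52 16-bit sub keys k1..k52 (as list indices 0..51)."""
    if len(key) != 16:
        raise ValueError("an IDEA key is 16 bytes (128 bits) long")
    state = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        # Read the current 128 bits as eight 16-bit words, leftmost first.
        for i in range(8):
            subkeys.append((state >> (112 - 16 * i)) & 0xFFFF)
        state = rotate_left_128(state, 25)
    return subkeys[:52]

def group_by_round(subkeys: list):
    """Split into 8 rounds of 6 sub keys plus 4 for the output transformation."""
    rounds = [subkeys[6 * r: 6 * r + 6] for r in range(8)]
    return rounds, subkeys[48:52]

if __name__ == "__main__":
    key = bytes.fromhex("00010002000300040005000600070008")  # constructed sample
    rounds, output_keys = group_by_round(idea_subkeys(key))
    for number, keys in enumerate(rounds, start=1):
        print(f"round {number}:", " ".join(f"{k:04x}" for k in keys))
    print("output :", " ".join(f"{k:04x}" for k in output_keys))
```

In the printed schedule, round 2 starts with the two sub keys left over from the unshifted key (bits 97-128) and takes its remaining four from the key after the 25-bit shift.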
Output transformation:
The output transformation is a one time operation.
It takes place at the end of the 8th round.
We shall assume the four 16-bit sub keys k1 to k4 are available to the output
transformation.
Step 1: multiply* k1 and k1
Step 2: add* k2 and k2
Step 3: add* k3 and k3
Step 4: multiply* k4 and k4
RC5:
Background:
RC5 is a symmetric key block encryption algorithm developed by Ron Rivest.
The main features of RC5 are that it is quite fast as it uses only the primitive
computer operations (such as addition, XOR, shift etc.).
It allows for a variable number of rounds and a variable bit-size to add to the
flexibility.
How RC5 works:-
Basic principles:
In RC5 the word size, the number of rounds and the number of 8-bit bytes of the key
can all be of variable length.
Once decided, these values remain the same for a particular execution of the
cryptographic algorithm.
These are variable in the sense that, before the execution of a particular instance of
RC5, these values can be chosen from those allowed.
The output resulting from RC5 is the cipher text, which has the same size as the
input plain text.
Since RC5 allows for variable values in the three parameters as specified, a
particular instance of the RC5 algorithm is denoted as RC5.
We are using RC5 with a block size of 64 bits, 16 rounds of encryption and 16
bytes in the key.
Principles of operations:
At first RC5 appears to be complicated because of the notations used.
However, it is actually quite simple to understand.
In the first two steps of the one time initial operation, the input plain text is
divided into two 30-bit blocks A and B.
The first two subkeys s[0] and s[1] are added to A and B respectively.
This produces C and D respectively and marks the end of the one time operation.
BLOWFISH:
Blowfish was developed by Bruce Schneier and has the reputation of being a very
strong symmetric key cryptographic algorithm.
1. Fast: Blowfish encryption rate on 32-bit microprocessors is 26 clock cycles per byte
2. Compact: Blowfish can execute in less than 5 KB of memory
3. Simple: Blowfish uses only simple operations such as addition, XOR and table lookup,
making its design and implementation simple
4. Secure: the key length can be up to a maximum of 448 bits, making it both flexible and
secure
Operation
It contains two parts:
Sub key generation
This process converts a key of up to 448 bits into sub-keys totaling 4168
Data encryption:
Each round contains a key-dependent permutation and data-dependent
substitution
Sub key generation
1. These keys have to be ready before encryption and decryption happen. The key size
ranges from 32 bits to 448 bits.
These keys are stored in arrays:
K1, K2, …, Kn
2. We then have the concept of a P-array, of 18 32-bit sub keys:
P1, P2, …, P18
3. Four S-boxes:
S1,0, S1,1, …, S1,255
S2,0, S2,1, …, S2,255
S3,0, S3,1, …, S3,255
S4,0, S4,1, …, S4,255
4. The bits of the fractional part of the constant pi are used for this purpose
5. The Blowfish algorithm generates the next 32-bit blocks of the sub keys
ADVANCED ENCRYPTION STANDARD (AES)
According to its designers, the main features of AES are as follows:
1. Symmetric and parallel structure: this gives the algorithm a lot of flexibility
2. Adapted to modern processors: the algorithm works well with
modern processors
3. Suited to smart cards: the algorithm can work well with
smart cards
Operation
1. Do the following one-time processes:
(a) Expand the 16 byte key to get the actual key block to be used
(b) Do one time initialization of the 16 byte
(c) XOR the state with the key block
2. For each round:
(a) Apply S-box to each of the plain text bytes
(b) Rotate row k of the text block
(c) Perform mix column operations
(d) XOR state with the key block
AN OVERVIEW OF ASYMMETRIC-KEY CRYPTOGRAPHY
We have now defined two functions that are hard to perform: computing
the inverse of a one-way function and distinguishing the output of a pseudo-random
function from a random function. We then gave high-level definitions of more useful
operations: cryptographic hash functions and encryption, which can be based on one-way
functions and pseudo-random functions, respectively. But shared keys are inherently
limiting; these keys must be shared between each pair of principals and complicate the
process of adding new principals to the system.
Similarly, shared key operations are not easily applicable to cases where one
principal performs an operation that affects many principals. An asymmetric key setup
would solve both of these problems: each principal has its own key information that it
does not need to share in secret with other principals.
For an example of how problems arise in symmetric-key settings, consider how
we might perform some of our shared-key operations in a context with, say, three
principals, A, B, and C. Principal A wants to send a message to B and C in such a way
that both know that it came from A. If A and B share key kAB and A and C share key kAC,
then it's not obvious how to send a bit string that guarantees this property (though such
schemes exist); the naive solution of computing a pair (MAC(m, kAB), MAC(m, kAC))
and sending it as an authenticator doesn't work if B and C don't trust each other or don't
trust A, since one element of the pair might pass the check for one principal and the other
not pass the check for the other principal. If A, B, and C all share a single key, then B or
C could create a MAC that appears to come from A.
So, shared keys between more than two principals lose some properties. First,
they lose their binding to identities. Second, authentication for different principals cannot
be guaranteed. Third, they complicate open systems, in which new principals can appear
at any time, since new principals must be given a key shared with each other principal.
To get around this problem, recall the example of the stock broker. The client
published a pair M1 and M2 of numbers. It happened that the stock broker was the
principal that used these numbers and checked them, but any principal could have
performed the stock broker's actions, since M1 and M2 were published by the client. We
say that key information published like M1 and M2 is a public key and m1 and m2 are the
corresponding private key.
SYMMETRIC AND ASYMMETRIC KEY CRYPTOGRAPHY TOGETHER:
Comparison between symmetric and asymmetric key cryptography
| Characteristic | Symmetric key cryptography | Asymmetric key cryptography |
| --- | --- | --- |
| Key used for encryption/decryption | Same key used for encryption and decryption | One key used for encryption and another, different key used for decryption |
| Speed of encryption/decryption | Very fast | |
| Size of resulting encrypted text | Usually same as or less than the original clear text size | |
| Key agreement/exchange | A big problem | No problem at all |
| Number of keys as compared to the number of participants in the message | Equals about the square of the number of participants, so scalability is an issue | Same as the number of participants, so scales up quite well |
| Usage | Mainly for encryption and decryption; cannot be used for digital signatures and non-repudiation | Can be used for encryption and decryption as well as for digital signatures and non-repudiation |
The best of both worlds
The following objectives must be met:
1. The solution should be completely secure
2. The encryption and decryption processes must not take a long time
3. The generated cipher text should be compact in size
4. The solution should scale to a large number of users easily, without introducing any
addition
5. The key distribution problem must be solved by the solution
DIGITAL SIGNATURES
Introduction
The context of the asymmetric key cryptography:
If A is the sender of a message and B is the receiver, A encrypts the message with
B’s public key and sends the encrypted message to B
Message digests
A message digest is a fingerprint or the summary of the message. It is similar to the
concepts of Longitudinal Redundancy Check (LRC) or Cyclic Redundancy Check (CRC).
It is used to verify the integrity of the data.
An example is the LRC calculation at the sender's end, where a block of bits is
organized in the form of a list.
Requirements of a message digest
1. Given a message, it should be very easy to find its message digest
2. Given a message digest, it should be very difficult to find the original message
Secure hash algorithm (SHA)
The word secure is decided based on two features. It should be difficult to:
(a) Obtain the original message
(b) Find two messages producing the same message digest
Comparison of MD5 and SHA-1:
| Point of discussion | MD5 | SHA-1 |
| --- | --- | --- |
| Message digest length in bits | 128 | 160 |
| Attack to try and find the original message given the message digest | Requires 2 power 128 operations to break in | Requires 2 power 160 operations to break in |
| Attack to try and find two messages producing the same message digest | Requires 2 power 64 operations to break in | Requires 2 power 18 operations to break in |
| Successful attacks so far | There have been reported attempts to some extent | No such claim so far |
| Speed | | |
| Software implementation | | |
Message Authentication Code:
Let us assume that the sender A wants to send the message M to a receiver B.
1. A and B share a symmetric key K, which is not known to anyone else. A
calculates the MAC H1 by applying the key K to the message M.
2. A then sends the original message M and the MAC H1 to B.
3. When B receives the message, B also uses K to calculate its own MAC H2
over M.
4. B now compares H1 with H2.
HMAC:
The fundamental idea behind HMAC is to reuse the existing message digest
algorithms, such as MD5 or SHA-1. Obviously, there is no point in reinventing the
wheel. Therefore, what HMAC does is to work with any message digest algorithm as a
black box. Additionally, it uses the shared symmetric key to encrypt the message digest,
which produces the output MAC.
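The four MAC steps and the black-box use of a digest algorithm, as an added example that is not part of the original notes. It uses HMAC as standardised in RFC 2104, where the key is mixed into two nested passes of the hash, with SHA-256 swapped in for the MD5 or SHA-1 named above. It also shows the limitation raised in the earlier discussion of shared keys: any holder of K can produce a valid MAC, so the MAC cannot show which of them wrote the message. Key and message values are constructed.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # input block size of SHA-256, in bytes

def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC written out by hand, using SHA-256 purely as a black box."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()     # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")       # then padded to one block
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_pad + message).digest()
    return hashlib.sha256(outer_pad + inner).digest()

def make_tag(key: bytes, message: bytes) -> bytes:
    """Steps 1-2: the sender computes H1 over M with the shared key K."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Steps 3-4: the receiver recomputes H2 and compares it with H1.
    compare_digest avoids leaking the match position through timing."""
    return hmac.compare_digest(make_tag(key, message), tag)

if __name__ == "__main__":
    k = b"shared key K (constructed)"
    m = b"pay 100"
    h1 = make_tag(k, m)
    print("manual HMAC matches library:", hmac_sha256_manual(k, m) == h1)
    print("B accepts (M, H1):", verify(k, m, h1))
    print("B accepts altered message:", verify(k, b"pay 900", h1))

    # B holds the same key, so B can create a tag for a message A never sent.
    made_by_b = make_tag(k, b"pay 900")
    print("tag made by B verifies as if from A:", verify(k, b"pay 900", made_by_b))
```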
Digital Signature Techniques:
Due to the problem associated with MAC as mentioned earlier, the Digital Signature
Standard (DSS) was developed for performing digital signatures.
The politics of digital signature algorithms
The accidents of DSA were not straightforward. One of the aims of NIST, the developers
of DSA, was to make DSA a free piece of digital signature software.
Moreover big companies such as IBM, Novell, Lotus, Apple, Microsoft, DEC, Sun etc
Therefore they were also against the use of DSA. There were a lot of allegations and
speculation regarding the strength of DSA. All of them were addressed, making DSA a
reliable algorithm.
KNAPSACK ALGORITHM
Ralph Merkle and Martin Hellman developed the first algorithm for public key
encryption, called the knapsack algorithm.
That is, if M1, M2, …, Mn are the given values and S is the sum, find out bi so that
S = b1M1 + b2M2 + … + bnMn
Each bi can be 0 or 1. A 1 indicates that the item is in the knapsack and 0 indicates that it
is not.
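The knapsack relation above, as an added example that is not part of the original notes. It goes beyond the formula to show the trapdoor idea behind the Merkle-Hellman scheme: the public values Mi look arbitrary, so finding the bi means searching, while the key owner converts S back to an easy "superincreasing" knapsack. The weights, modulus and multiplier are constructed toy values, and the scheme itself has long been broken, so it serves only to illustrate the idea.

```python
from itertools import product

# Private key (constructed): each weight exceeds the sum of all earlier ones.
PRIVATE_WEIGHTS = [2, 3, 7, 14, 30, 57, 120, 251]
MODULUS = 491        # larger than the sum of the private weights (484)
MULTIPLIER = 41      # has an inverse modulo MODULUS

def public_weights() -> list:
    """Public values M1..Mn: the private weights disguised by modular multiplication."""
    return [(MULTIPLIER * w) % MODULUS for w in PRIVATE_WEIGHTS]

def knapsack_sum(bits: list, weights: list) -> int:
    """S = b1*M1 + b2*M2 + ... + bn*Mn"""
    return sum(b * m for b, m in zip(bits, weights))

def encrypt(bits: list) -> int:
    return knapsack_sum(bits, public_weights())

def solve_superincreasing(total: int, weights: list):
    """Easy case: take the largest weight that still fits, working downwards."""
    bits = [0] * len(weights)
    for i in reversed(range(len(weights))):
        if weights[i] <= total:
            bits[i] = 1
            total -= weights[i]
    return bits if total == 0 else None

def decrypt(total: int):
    inverse = pow(MULTIPLIER, -1, MODULUS)     # requires Python 3.8+
    return solve_superincreasing((total * inverse) % MODULUS, PRIVATE_WEIGHTS)

def solve_by_search(total: int, weights: list):
    """General case without the private key: try all 2^n choices of b1..bn."""
    for bits in product((0, 1), repeat=len(weights)):
        if knapsack_sum(bits, weights) == total:
            return list(bits)
    return None

if __name__ == "__main__":
    message_bits = [0, 1, 1, 0, 0, 0, 0, 1]    # constructed: ASCII 'a'
    s = encrypt(message_bits)
    print("public values M:", public_weights())
    print("sum S          :", s)
    print("key owner gets :", decrypt(s))
    print("search gets    :", solve_by_search(s, public_weights()))
```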
SOME OTHER ALGORITHMS
Elliptic curve cryptography (ECC)
An elliptic curve is similar to a normal curve drawn as a graph on the x and y
axes. It has points. Each point can be designated by an (x, y) coordinate, just like any
other graph. For instance, a point can be designated as (4, 9): it is 4 units to the
right-hand side along the x axis from the center
Consider an elliptic curve (e) with a point p. Now generate a random number d.
Let q = d * p.
Mathematics says that e, p and q are public values and the challenge is to find
d.
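The relation q = d * p above, worked on a small curve, as an added example that is not part of the original notes. The curve y^2 = x^3 + 2x + 2 over the integers modulo 17 with base point (5, 1) is a common textbook toy curve chosen here as an assumption; it has only 19 points, so d can be found by stepping through them, which is exactly what the size of a real curve rules out.

```python
P_MOD, A, B = 17, 2, 2      # toy curve e: y^2 = x^3 + 2x + 2 (mod 17)
BASE_POINT = (5, 1)         # the public point p
INFINITY = None             # identity element ("point at infinity")

def on_curve(point) -> bool:
    if point is INFINITY:
        return True
    x, y = point
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Add two points using the chord-and-tangent rule."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INFINITY                       # p2 is the mirror image of p1
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    slope %= P_MOD
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def multiply(d: int, point):
    """Compute d * point by double-and-add: about log2(d) steps."""
    result, addend = INFINITY, point
    while d:
        if d & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        d >>= 1
    return result

def find_d_by_search(q, p=BASE_POINT, limit=10_000):
    """Recover d from q = d * p by trying d = 1, 2, 3, ... in turn."""
    current = INFINITY
    for d in range(1, limit + 1):
        current = add(current, p)
        if current == q:
            return d
    return None

if __name__ == "__main__":
    d = 13                                     # constructed private value
    q = multiply(d, BASE_POINT)
    print("q = d * p =", q, "on curve:", on_curve(q))
    print("d found by stepping through the points:", find_d_by_search(q))
```

Computing q from d takes a handful of doublings and additions, while the search has to walk the points one by one; on a curve with about 2 power 256 points the first stays cheap and the second does not finish.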