Unit 1 Introduction

Network Security


Anjalai Ammal Mahalingam Engineering College

Kovilvenni-614 403

Department of Information Technology

CCS354 – NETWORK SECURITY

UNIT I INTRODUCTION

Basics of cryptography, conventional and public-key cryptography, hash functions,
authentication, and digital signatures.

1. BASICS OF CRYPTOGRAPHY

1. Computer data often travels from one computer to another, leaving the safety of its
protected physical surroundings.
2. Once the data is out of hand, people with bad intentions could modify or forge your
data, either for amusement or for their own benefit.
3. Cryptography can reformat and transform our data, making it safer on its trip between
computers.
4. The technology is based on the essentials of secret codes, augmented by modern
mathematics that protects our data in powerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and
to thwart hackers.
• Network Security - measures to protect data during their transmission over a collection of
interconnected computers.
• Internet Security - measures to protect data during their transmission over a collection of
interconnected networks.

CCS354 NETWORK SECURITY 1 UNIT 1 INTRODUCTION


THE OSI SECURITY ARCHITECTURE
1. To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs
some systematic way of defining the requirements for security and characterizing the
approaches to satisfying those requirements.
2. For our purposes, the OSI security architecture provides a useful, if abstract, overview
of many of the concepts. The OSI security architecture focuses on security attacks,
mechanisms, and services. These can be defined briefly as follows:
Threats and Attacks (RFC 2828)
Threats
A potential for violation of security, which exists when there is a circumstance, capability,
action, or event that could breach security and cause harm. That is, a threat is a possible
danger that might exploit a vulnerability.
Attacks
An assault on system security that derives from an intelligent threat; that is, an intelligent act
that is a deliberate attempt (especially in the sense of a method or technique) to evade
security services and violate the security policy of a system.

Security Attacks, Services and Mechanisms

1. To assess the security needs of an organization effectively, the manager responsible
for security needs some systematic way of defining the requirements for security and
characterization of approaches to satisfy those requirements. One approach is to
consider three aspects of information security:
• Security attack – Any action that compromises the security of information owned by
an organization.
• Security mechanism – A mechanism that is designed to detect, prevent or recover
from a security attack.
• Security service – A service that enhances the security of the data processing systems
and the information transfers of an organization. The services are intended to counter
security attacks and they make use of one or more security mechanisms to provide the
service.



Security Attacks
1. A useful means of classifying security attacks, used both in X.800 and RFC 2828, is
in terms of passive attacks and active attacks.
2. A passive attack attempts to learn or make use of information from the system but
does not affect system resources.
3. An active attack attempts to alter system resources or affect their operation.
Passive Attacks
1. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.
The goal of the opponent is to obtain information that is being transmitted.
2. Two types of passive attacks are release of message contents and traffic analysis. The
release of message contents is easily understood (Figure a).
3. A telephone conversation, an electronic mail message, and a transferred file may
contain sensitive or confidential information. We would like to prevent an opponent
from learning the contents of these transmissions.

Figure (a & b) Passive Attacks



4. A second type of passive attack, traffic analysis, is subtler (Figure b). Suppose that
we had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information from
the message. The common technique for masking contents is encryption.
5. If we had encryption protection in place, an opponent might still be able to observe
the pattern of these messages.
6. The opponent could determine the location and identity of communicating hosts and
could observe the frequency and length of messages being exchanged.
7. This information might be useful in guessing the nature of the communication that
was taking place. Passive attacks are very difficult to detect because they do not
involve any alteration of the data.
8. Typically, the message traffic is sent and received in an apparently normal fashion
and neither the sender nor receiver is aware that a third party has read the messages or
observed the traffic pattern.
9. However, it is feasible to prevent the success of these attacks, usually by means of
encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather
than detection.
Active Attacks
1. Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay, modification
of messages, and denial of service.
2. A masquerade takes place when one entity pretends to be a different entity (Figure
1.4a). A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those
privileges.



Figure (a & b): Active Attacks

3. Replay involves the passive capture of a data unit and its subsequent retransmission
to produce an unauthorized effect (Figure b).
4. Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized effect
(Figure c). For example, a message meaning "Allow John Smith to read confidential
file accounts" is modified to mean "Allow Fred Brown to read confidential file
accounts."
5. The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure d).

6. This attack may have a specific target; for example, an entity may suppress all
messages directed to a particular destination (e.g., the security audit service).



7. Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade
performance.
8. Active attacks present the opposite characteristics of passive attacks. Whereas passive
attacks are difficult to detect, measures are available to prevent their success.
9. On the other hand, it is quite difficult to prevent active attacks absolutely, because of
the wide variety of potential physical, software, and network vulnerabilities.
10. Instead, the goal is to detect active attacks and to recover from any disruption or
delays caused by them. If the detection has a deterrent effect, it may also contribute to
prevention.

SECURITY SERVICES
The classification of security services is as follows:
1. Confidentiality: Ensures that the information in a computer system and transmitted
information are accessible only for reading by authorized parties, e.g., printing,
displaying and other forms of disclosure.
2. Authentication: Ensures that the origin of a message or electronic document is
correctly identified, with an assurance that the identity is not false.
3. Integrity: Ensures that only authorized parties are able to modify computer system
assets and transmitted information. Modification includes writing, changing status,
deleting, creating and delaying or replaying of transmitted messages.
4. Non-repudiation: Requires that neither the sender nor the receiver of a message be
able to deny the transmission.
5. Access control: Requires that access to information resources may be controlled by or
for the target system.
6. Availability: Requires that computer system assets be available to authorized parties
when needed.

Security Mechanisms
1. The table below lists the security mechanisms defined in X.800. As can be seen, the
mechanisms are divided into those that are implemented in a specific protocol layer and
those that are not specific to any particular protocol layer or security service.



Table Security Mechanisms (X.800)
SPECIFIC SECURITY MECHANISMS
May be incorporated into the appropriate protocol layer in order to provide some of the OSI
security services.
Encipherment
The use of mathematical algorithms to transform data into a form that is not readily
intelligible. The transformation and subsequent recovery of the data depend on an algorithm
and zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic transformation of, a data unit that
allows a recipient of the data unit to prove the source and integrity of the data unit and protect
against forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access rights to resources.
Data Integrity
A variety of mechanisms used to assure the integrity of a data unit or stream of data units.
Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing Control
Enables selection of particular physically secure routes for certain data and allows routing
changes, especially when a breach of security is suspected.
Notarization
The use of a trusted third party to assure certain properties of a data exchange.
PERVASIVE SECURITY MECHANISMS
Mechanisms that are not specific to any particular OSI security service or protocol layer.
Trusted Functionality
That which is perceived to be correct with respect to some criteria (e.g., as established by a
security policy).
Security Label
The marking bound to a resource (which may be a data unit) that names or designates the
security attributes of that resource.
Event Detection
Detection of security-relevant events.
Security Audit Trail
Data collected and potentially used to facilitate a security audit, which is an independent
review and examination of system records and activities.
Security Recovery
Deals with requests from mechanisms, such as event handling and management functions,
and takes recovery actions.

A MODEL FOR NETWORK SECURITY

1. A message is to be transferred from one party to another across some sort of
internet. The two parties, who are the principals in this transaction, must cooperate for
the exchange to take place.
2. A logical information channel is established by defining a route through the
internet from source to destination and by the cooperative use of communication
protocols (e.g., TCP/IP) by the two principals.
3. Using this model requires us to:
o design a suitable algorithm for the security transformation
o generate the secret information (keys) used by the algorithm
o develop methods to distribute and share the secret information
o specify a protocol enabling the principals to use the transformation and secret
information for a security service

MODEL FOR NETWORK ACCESS SECURITY

Using this model requires us to:

1. select appropriate gatekeeper functions to identify users
2. implement security controls to ensure only authorised users access designated
information or resources
3. trusted computer systems can be used to implement this model

Classical crypto systems

1. An original message is known as the plaintext, while the coded message is called the
ciphertext.
2. The process of converting from plaintext to cipher text is known as enciphering or
encryption; restoring the plaintext from the cipher text is deciphering or decryption.
3. The many schemes used for encryption constitute the area of study known as
cryptography. Such a scheme is known as a cryptographic system or a cipher.
Techniques used for deciphering a message without any knowledge of the enciphering
details fall into the area of cryptanalysis.
4. Cryptanalysis is what the layperson calls "breaking the code." The areas of
cryptography and cryptanalysis together are called cryptology.



Symmetric Cipher Model
A symmetric encryption scheme has five ingredients
1. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various substitutions and
transformations on the plaintext.
3. Secret key: The secret key is also input to the encryption algorithm. The key is a
value independent of the plaintext and of the algorithm. The algorithm will produce a
different output depending on the specific key being used at the time. The exact
substitutions and transformations performed by the algorithm depend on the key.
4. Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the secret key. For a given message, two different keys will produce two
different cipher texts. The cipher text is an apparently random stream of data and, as it
stands, is unintelligible.
5. Decryption algorithm: This is essentially the encryption algorithm run in reverse. It
takes the cipher text and the secret key and produces the original plaintext.

Figure: Simplified Model of Conventional Encryption

Substitution Techniques:
1. Caesar Cipher
2. Playfair Cipher
3. Hill Cipher
4. Polyalphabetic Ciphers

Substitution Ciphers:
• Where letters of plaintext are replaced by other letters or by numbers or symbols.
• Or if plaintext is viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with cipher text bit patterns.

1. Caesar Cipher:
• The Caesar cipher involves replacing each letter of the alphabet with the letter
standing three places further down the alphabet.
• Example:
Plain:  meet me after the toga party
Cipher: PHHW PH DIWHU WKH WRJD SDUWB

The transformation can be defined as:

Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Mathematically, give each letter a number:

a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12

n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

The Caesar cipher algorithm can then be expressed as:

C = E(k, p) = (p + k) mod 26
p = D(k, C) = (C – k) mod 26
where k takes on a value in the range 1 to 25.

Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:


1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.



2. Playfair Cipher
• Not even the large number of keys in a monoalphabetic cipher provides security.
• One approach to improving security was to encrypt multiple letters of plaintext.
• The Playfair algorithm is based on the use of a 5 x 5 matrix of letters constructed
using a keyword.
• Invented by Charles Wheatstone in 1854, but named after his friend Baron Playfair.

Playfair Key Matrix:

• A 5 x 5 matrix of letters based on a keyword
• Fill in letters of keyword
• Fill rest of matrix with other letters
• E.g., using the keyword MONARCHY:
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

Encrypting and Decrypting:


1. Repeating plaintext letters that are in the same pair are separated with a filler
letter, such as x, so that balloon would be treated as ba lx lo on.
2. Two plaintext letters that fall in the same row of the matrix are each replaced by
the letter to the right, with the first element of the row circularly following the
last. For example, ar is encrypted as RM.
3. Two plaintext letters that fall in the same column are each replaced by the letter
beneath, with the top element of the column circularly following the last. For
example, mu is encrypted as CM.
4. Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its
own row and the column occupied by the other plaintext letter. Thus, hs becomes
BP and ea becomes IM (or JM, as the encipherer wishes).



3. Hill Cipher:
• Another interesting multiletter cipher is the Hill cipher, developed by the
mathematician Lester Hill in 1929.
• This encryption algorithm takes m successive plaintext letters and substitutes for them
m ciphertext letters.
• This can be expressed in terms of column vectors and matrices; for m = 3:
C = KP mod 26
• where C and P are column vectors of length 3, representing the ciphertext and
plaintext, and K is a 3 x 3 matrix, representing the encryption key.
• Operations are performed mod 26.
• In general terms, the Hill system can be expressed as follows:
C = E(K, P) = KP mod 26
P = D(K, C) = K^{-1} C mod 26 = K^{-1} K P = P

Example:

Encipher the plaintext GOD using Hill cipher using the key

SOL: Encryption:
C= E (K, P) = KP mod 26
GOD = 6 14 3

C= = mod 26

=
C= GAX
4. Vigenère Cipher
• The simplest polyalphabetic substitution cipher is the Vigenère cipher.
• To aid in understanding the scheme and to aid in its use, a matrix known as the
Vigenère table is constructed.
• Each of the 26 ciphers is laid out horizontally, with the key letter for each cipher to its
left.
• A normal alphabet for the plaintext runs across the top.
• The process of encryption is simple:
o Given a key letter x and a plaintext letter y, the ciphertext letter is at the intersection of
the row labeled x and the column labeled y; in this case the ciphertext is V.
Example:
• To encrypt a message, a key is needed that is as long as the message.
• Usually, the key is a repeating keyword.
• For example, if the keyword is deceptive, the message "we are discovered save
yourself" is encrypted as follows:
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
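
The Caesar and Vigenère schemes are the same operation, (p + k) mod 26, with a one-letter key and a repeating keyword respectively. The following added example (not part of the original notes) implements both and runs the 25-key brute-force search described in the Caesar section; the function names and the crude "common English letters" score are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_lowercase
COMMON = set("etaoinshr")  # assumption: crude stand-in for "recognizable English"


def shift_text(text, key, decrypt=False):
    """Shift each letter by the matching key letter: (p +/- k) mod 26.

    Non-letters pass through unchanged and do not consume key letters.
    As in the notes, plaintext is lowercase and ciphertext is uppercase.
    """
    sign = -1 if decrypt else 1
    out, used = [], 0
    for ch in text.lower():
        if ch in ALPHABET:
            k = ALPHABET.index(key[used % len(key)].lower())
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % 26])
            used += 1
        else:
            out.append(ch)
    result = "".join(out)
    return result if decrypt else result.upper()


def caesar_encrypt(plaintext, k):
    # A Caesar cipher is a Vigenère cipher whose keyword is a single letter.
    return shift_text(plaintext, ALPHABET[k % 26])


def caesar_decrypt(ciphertext, k):
    return shift_text(ciphertext, ALPHABET[k % 26], decrypt=True)


def vigenere_encrypt(plaintext, keyword):
    return shift_text(plaintext, keyword)


def vigenere_decrypt(ciphertext, keyword):
    return shift_text(ciphertext, keyword, decrypt=True)


def brute_force_caesar(ciphertext):
    """Try all 25 keys; keep the candidate containing the most common English letters.

    This works only because of the three conditions listed in the notes:
    known algorithm, tiny key space, recognizable plaintext language.
    """
    def score(candidate):
        return sum(ch in COMMON for ch in candidate)

    best = max(range(1, 26), key=lambda k: score(caesar_decrypt(ciphertext, k)))
    return best, caesar_decrypt(ciphertext, best)


if __name__ == "__main__":
    print(caesar_encrypt("meet me after the toga party", 3))
    print(brute_force_caesar("PHHW PH DIWHU WKH WRJD SDUWB"))
    print(vigenere_encrypt("wearediscoveredsaveyourself", "deceptive"))
```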

1. Transposition Techniques
• All the techniques examined so far involve the substitution of a ciphertext symbol for a
plaintext symbol.
• A very different kind of mapping is achieved by performing some sort of permutation
on the plaintext letters. This technique is referred to as a transposition cipher.
o Rail Fence cipher
o Row Transposition Ciphers

Rail Fence cipher:

• The plaintext is written down as a sequence of diagonals and then read off as
a sequence of rows.
• For example, to encipher the message "meet me after the toga party" with a rail fence
of depth 2, we write the following:
m e m a t r h t g p r y
 e t e f e t e o a a t
• The encrypted message is
MEMATRHTGPRYETEFETEOAAT

Row Transposition Cipher:

• Write the message in a rectangle, row by row, and read the message off, column by
column.
• But permute the order of the columns.
• The order of the columns then becomes the key to the algorithm.

Example:
Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
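
Both transposition ciphers above as an added example (not part of the original notes), checked against the two ciphertexts the notes give. The rail fence code generalizes the depth-2 case to any depth, padding short rows with "x" is an assumption, and the function names are illustrative.

```python
def _letters(text):
    return [c for c in text.lower() if c.isalpha()]


def rail_pattern(n, depth):
    """Rail index (0 = top row) of each of n letters written along the zigzag."""
    if depth < 2:
        return [0] * n
    cycle = 2 * (depth - 1)
    return [min(i % cycle, cycle - i % cycle) for i in range(n)]


def rail_fence_encrypt(plaintext, depth=2):
    letters = _letters(plaintext)
    rails = rail_pattern(len(letters), depth)
    # Read off row by row: all letters on rail 0, then rail 1, and so on.
    return "".join(ch for r in range(depth)
                   for ch, rail in zip(letters, rails) if rail == r).upper()


def rail_fence_decrypt(ciphertext, depth=2):
    letters = _letters(ciphertext)
    rails = rail_pattern(len(letters), depth)
    # Plaintext positions in the order the encryptor emitted them.
    order = sorted(range(len(letters)), key=lambda i: (rails[i], i))
    plain = [""] * len(letters)
    for src, dst in enumerate(order):
        plain[dst] = letters[src]
    return "".join(plain)


def _check_key(key):
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")


def row_transposition_encrypt(plaintext, key):
    """key[c] is the number written above column c; columns are read in order 1, 2, ..."""
    _check_key(key)
    letters, cols = _letters(plaintext), len(key)
    letters += ["x"] * (-len(letters) % cols)  # assumption: pad the last row with x
    rows = [letters[i:i + cols] for i in range(0, len(letters), cols)]
    return "".join(row[key.index(k)] for k in range(1, cols + 1) for row in rows).upper()


def row_transposition_decrypt(ciphertext, key):
    _check_key(key)
    letters, cols = _letters(ciphertext), len(key)
    n_rows = len(letters) // cols
    columns = [None] * cols
    for k in range(1, cols + 1):
        # The k-th chunk of ciphertext is the column labelled k.
        columns[key.index(k)] = letters[(k - 1) * n_rows:k * n_rows]
    return "".join(columns[c][r] for r in range(n_rows) for c in range(cols))


if __name__ == "__main__":
    key = [4, 3, 1, 2, 5, 6, 7]
    ct = row_transposition_encrypt("attackpostponeduntiltwoamxyz", key)
    print(ct, row_transposition_decrypt(ct, key))
    print(rail_fence_encrypt("meet me after the toga party", 2))
    # A transposition only reorders letters, so letter frequencies are unchanged.
    print(sorted(ct.lower()) == sorted("attackpostponeduntiltwoamxyz"))
```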
Steganography
• An alternative to encryption that hides the existence of the message.
• A simple form of steganography is one in which an arrangement of words or letters
within an apparently innocuous text spells out the real message.
• Various other techniques of steganography are as follows:
1. Character marking – selected letters of printed or typewritten text are
overwritten in pencil. The marks are ordinarily not visible unless the paper is
held at an angle to bright light.
2. Invisible ink – a number of substances can be used for writing but leave no
visible trace until heat or some chemical is applied to the paper.
3. Pin punctures – small pin punctures on selected letters are ordinarily not
visible unless the paper is held up in front of a light.
4. Typewriter correction ribbon – used between lines typed with a black
ribbon, the results of typing with the correction tape are visible only under a
strong light.



2. CONVENTIONAL AND PUBLIC-KEY CRYPTOGRAPHY

CONVENTIONAL CRYPTOGRAPHY
Data Encryption Standard (DES)
• The most widely used encryption scheme is based on the Data Encryption Standard
(DES) adopted in 1977 by the National Bureau of Standards, now the National
Institute of Standards and Technology (NIST), as Federal Information Processing
Standard 46 (FIPS PUB 46).
• The algorithm itself is referred to as the Data Encryption Algorithm (DEA).
• For DES, data are encrypted in 64-bit blocks using a 56-bit key.
• The same steps, with the same key, are used to reverse the encryption.

DES Encryption:
The basic process consists of:
• An initial permutation (IP)
• 16 rounds of a complex key-dependent calculation f
• A final permutation, being the inverse of IP
DES key schedule: (Operation on key)
• The bits are numbered from 1 to 64; every 8th bit is ignored.
• A 64-bit key is used as an input to the algorithm.
• Forms the subkeys used in each round
• Consists of:
o Initial permutation of the key (PC1), which selects 56 bits in two 28-bit halves C0
and D0
o 16 stages consisting of:
  - At each round, the two halves are separately subjected to a circular shift or
    rotation of 1 or 2 bits.
  - These shifted values serve as input to the next round.
  - They also serve as input to permuted choice 2 (PC2), which produces a 48-bit
    output that serves as input to the function F(R_{i-1}, K_i)



General DES encryption Algorithm:

Explanation of the phases:


Initial Permutation:

Inverse IP:
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25



Expansion Permutation (E):
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

Permutation Function (P):

Initial Permutation IP:

• This is the first step of the data computation
• IP reorders the input data bits and changes the even bits to the LH half, odd bits to the RH
half
DES Round Structure:
• Input is divided into 2 halves L_{i-1} and R_{i-1}
• L_i = R_{i-1}
• R_i = L_{i-1} xor F(R_{i-1}, K_i)
• F takes the 32-bit R half and the 48-bit round key and:
o Expands R to 48 bits using the expansion permutation (E)
o The resulting 48 bits are XORed with K_i
o The 48-bit result passes through 8 substitution functions (S-boxes) to get a 32-bit
result
o Finally permutes this using the 32-bit permutation P and produces a 32-bit output.
Substitution Boxes S:
• Substitution has eight S-boxes, each of which accepts 6 bits as input and produces 4
bits as output.
• Outer bits 1 & 6 (row bits) select one row of 4. The first and last bits of the input to
box S_i form a 2-bit binary number to select one of four substitutions defined by the
four rows in the table for S_i.
• Inner bits 2-5 (column bits) are substituted. The middle four bits select one of the
16 columns.
• The decimal value in the cell selected by the row and column is then converted to its
4-bit representation to produce the output.
• Row selection depends on both data & key.
Single Round of DES Algorithm:

Calculation of F(R,K):

DES Decryption:
• With the Feistel design, decryption uses the same algorithm as encryption, except that the
application of subkeys is reversed (SK16 … SK1)



Avalanche Effect:
• DES exhibits a strong avalanche effect.
• A key desirable property of an encryption algorithm is that a change in either the plaintext
or key should produce a significant change in the ciphertext.
• In particular, a change in one bit of the plaintext or one bit of the key should produce
a change in many bits of the ciphertext.
• If the change were small, this might provide a way to reduce the size of the plaintext
or key space to be searched.
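
The round structure, the reversed-subkey decryption and the avalanche effect described above can be observed on a 16-round Feistel network. This is an added example, not part of the original notes and not DES itself: the round function F is a SHA-256 stand-in for DES's E/S-box/P chain, and the subkey selection is a stand-in for PC1 and PC2. Only the 1-or-2-bit rotation schedule and the L/R wiring follow DES.

```python
import hashlib

# DES left-rotation schedule for the two 28-bit key halves (rounds 1..16).
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
MASK28 = (1 << 28) - 1
MASK32 = (1 << 32) - 1


def rotl28(x, n):
    """Circular left shift of a 28-bit value."""
    return ((x << n) | (x >> (28 - n))) & MASK28


def subkeys(key56):
    """Sixteen 48-bit round keys from a 56-bit key.

    Assumption: the halves C0/D0 are taken directly from the key (no PC1) and
    the low 24 bits of each rotated half are concatenated in place of PC2.
    """
    c, d = key56 >> 28, key56 & MASK28
    keys = []
    for s in SHIFTS:
        c, d = rotl28(c, s), rotl28(d, s)
        keys.append(((c & 0xFFFFFF) << 24) | (d & 0xFFFFFF))
    return keys


def F(r, k):
    """Stand-in round function: 32-bit output from 32-bit R and 48-bit K.

    F does not need to be invertible; the Feistel wiring provides invertibility.
    """
    data = r.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block64, round_keys):
    """L_i = R_{i-1}; R_i = L_{i-1} xor F(R_{i-1}, K_i); then swap the halves."""
    l, r = block64 >> 32, block64 & MASK32
    for k in round_keys:
        l, r = r, l ^ F(r, k)
    return (r << 32) | l


def encrypt(block64, key56):
    return feistel(block64, subkeys(key56))


def decrypt(block64, key56):
    # Same routine, subkeys applied in reverse order (K16 ... K1).
    return feistel(block64, subkeys(key56)[::-1])


def avalanche(block64, key56, bit):
    """Number of ciphertext bits that change when one plaintext bit is flipped."""
    return bin(encrypt(block64, key56) ^ encrypt(block64 ^ (1 << bit), key56)).count("1")


if __name__ == "__main__":
    pt, key = 0x0123456789ABCDEF, 0x0123456789ABCD  # constructed sample values
    ct = encrypt(pt, key)
    print(f"ciphertext {ct:016x}, decrypts to {decrypt(ct, key):016x}")
    print("bits changed by a one-bit plaintext flip:", avalanche(pt, key, 0))
```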
Strength of DES – Key Size:
• A 56-bit key length gives 2^56 key values
• Brute force search looks hard.
Advanced Encryption Standard (AES) Evaluation Criteria
Origins:
• Clearly, a replacement for DES was needed
o There are theoretical attacks that can break it
o Exhaustive key search attacks have been demonstrated
• Can use Triple-DES – but slow, has small blocks
AES Evaluation Criteria
• Initial criteria:
o Security – effort required for practical cryptanalysis
o Cost – AES must have high computational efficiency
o Algorithm & implementation characteristics – includes flexibility, suitability
for a variety of h/w and s/w implementations, and simplicity.
• Final criteria:
o General security
o Software & hardware implementation ease
o Implementation attacks and flexibility (in en/decrypt, keying, other factors)
AES Cipher - Rijndael
• Designed by Rijmen and Daemen in Belgium
• Has 128/192/256-bit keys, 128-bit data
• An iterative rather than Feistel cipher
• Processes data as a block of 4 columns of 4 bytes
• Operates on the entire data block in every round
• Designed to be:
o Resistant against known attacks
o Fast and compact in code on a wide range of platforms
Rijndael:
• Data block of 4 columns of 4 bytes (state)
• Key is expanded to an array of forty-four 32-bit words
• Four different stages are used, one of permutation and three of substitution:
o Byte substitution: uses an S-box to perform a byte-by-byte substitution of the
block
o Shift rows: a simple permutation
o Mix columns: a substitution that makes use of arithmetic over GF(2^8)
o Add round key: a simple bitwise XOR of the current block with a portion
of the expanded key
• All operations can be combined into XOR and table lookups - hence very fast &
efficient.
AES encryption and decryption:



Byte Substitution:
• A simple substitution of each byte
• AES defines a 16x16 matrix of byte values containing a permutation of all 256 8-bit
values
• Each individual byte of state is mapped into a new byte in the following way:
o The leftmost 4 bits select the row and the rightmost 4 bits select the column
o E.g., byte {95} is replaced by the byte at row 9, column 5,
which has the value {2A}



Shift Rows:
• A circular byte shift in each
o 1st row is unchanged
o 2nd row does 1 byte circular shift to left
o 3rd row does 2 byte circular shift to left
o 4th row does 3 byte circular shift to left
• Decrypt does shifts to right


Mix Columns:
• Each column is processed separately
• Each byte is mapped into a new value that is a function of all 4 bytes in the column.
• Effectively a matrix multiplication in GF(2^8) using the prime polynomial
m(x) = x^8 + x^4 + x^3 + x + 1
• Can express each column as 4 equations
o To derive each new byte in the column
• In GF(2^8), addition is the bitwise XOR operation, and multiplication can be
performed according to the rule.
• Decryption requires use of the inverse matrix
o With larger coefficients, hence a little harder
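
The GF(2^8) arithmetic behind the Mix Columns and Byte Substitution stages, as an added example (not part of the original notes). The coefficient matrices and the S-box construction (multiplicative inverse followed by an affine transformation with constant {63}) are the standard AES definitions rather than material from these notes; the sample column is a constructed test value.

```python
def xtime(a):
    """Multiply by x, i.e. {02}, reducing by m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8): shift-and-add, where 'add' is XOR."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


# Each row gives the coefficients of one of the 4 equations for a column.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
# Inverse matrix used for decryption; note the larger coefficients.
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]


def mix_column(column, matrix=MIX):
    """Matrix-vector product over GF(2^8) for one 4-byte state column."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gf_mul(coeff, byte)
        out.append(acc)
    return out


def gf_inverse(a):
    """a^254 = a^-1 in GF(2^8); by convention 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


def sbox(byte):
    """AES S-box entry: inverse in GF(2^8), then the affine transformation."""
    b = gf_inverse(byte)

    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF

    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]  # constructed sample column
    mixed = mix_column(column)
    print([f"{b:02x}" for b in mixed])
    print([f"{b:02x}" for b in mix_column(mixed, INV_MIX)])  # back to the input
    print(f"S-box row 9, column 5: {sbox(0x95):02X}")
```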
Add Round Key:
• Lastly is the Add Round Key stage, in which the 128 bits of state are bitwise XORed
with the 128 bits of the round key.
• The first matrix is state and the 2nd matrix is the round key.
• Inverse for decryption is identical since XOR is its own inverse, just with the correct round
key.

AES Round



PUBLIC-KEY CRYPTOGRAPHY

RSA Algorithm:
• Introduced by Rivest, Shamir & Adleman of MIT in 1977
• Best used public-key scheme
• It is a block cipher in which plaintext and ciphertext are integers between 0 and n-1 for
some n.
• Typical size of n is 1024 bits
• RSA makes use of expressions with exponentials
• Security due to cost of factoring large numbers
• Factorization takes O(e^(log n log log n)) operations (hard)
RSA algorithm:
The ingredients of the RSA algorithm are as follows:
1. p, q, two prime numbers (private, chosen)
2. n = pq (public, calculated)
3. e, with gcd(e, ø(n)) = 1, where 1 < e < ø(n) (public, chosen)
4. d ≡ e^{-1} mod ø(n) (private, calculated)
RSA Key generation:
Each user generates a public/private key pair by:
1. Select p, q: p and q are prime numbers, p is not equal to q
2. Calculate n = p * q
3. Calculate ø(n) = (p-1)(q-1)
4. Select integer e such that
gcd(e, ø(n)) = 1, where 1 < e < ø(n)
5. Calculate d
d ≡ e^{-1} mod ø(n)
6. Public key: PU = {e, n}
7. Private key: PR = {d, n}
RSA Encryption and decryption:
• Encryption:
Plaintext: M < n
Ciphertext: C = M^e mod n
• Decryption:
Ciphertext: C
Plaintext: M = C^d mod n
RSA example:
1. Select primes: p = 17 & q = 11
2. Compute n = pq = 17 × 11 = 187
3. Compute ø(n) = (p-1)(q-1) = 16 × 10 = 160
4. Select e: gcd(e, 160) = 1; choose e = 7
5. Determine d:
d ≡ e^{-1} mod ø(n)
d ≡ 7^{-1} mod 160 = 23 (using the extended Euclidean algorithm, EEA)
6. Publish public key KU = {7, 187}
7. Private key KR = {23, 187}
• Given message M = 88
• Encryption:
C = 88^7 mod 187 = 11
• Decryption:
M = 11^23 mod 187 = 88
Computational aspects of RSA:
• Consider two issues in RSA:
o Encryption and decryption
o Key generation
Encryption and decryption:
• Both encryption and decryption in RSA involve raising an integer to an integer power
mod n (exponentiation)
• Another consideration is the efficiency of exponentiation
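
The key generation steps and the worked example (p = 17, q = 11, e = 7), together with an efficient exponentiation, as an added example that is not part of the original notes. It uses the extended Euclidean algorithm for d and square-and-multiply for the modular powers; the function names are illustrative, and the trial-division primality check is an assumption that suits only small teaching values.

```python
def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(e, phi):
    """d with e*d ≡ 1 (mod phi); exists only when gcd(e, phi) = 1."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e and phi(n) are not relatively prime")
    return x % phi


def mod_exp(base, exponent, modulus):
    """Square-and-multiply: about log2(exponent) squarings instead of exponent-1 multiplications."""
    result, base = 1, base % modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus
        exponent >>= 1
    return result


def _is_small_prime(n):
    # Assumption: trial division, adequate only for classroom-sized numbers.
    return n > 1 and all(n % f for f in range(2, int(n ** 0.5) + 1))


def generate_keys(p, q, e):
    """Steps 1-7 of key generation; returns (PU, PR) = ((e, n), (d, n))."""
    if p == q or not (_is_small_prime(p) and _is_small_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("need 1 < e < phi(n)")
    d = mod_inverse(e, phi)
    return (e, n), (d, n)


def rsa_encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy M < n")
    return mod_exp(m, e, n)  # textbook RSA, no padding: for illustration only


def rsa_decrypt(c, private_key):
    d, n = private_key
    return mod_exp(c, d, n)


if __name__ == "__main__":
    public, private = generate_keys(17, 11, 7)
    c = rsa_encrypt(88, public)
    print(public, private, c, rsa_decrypt(c, private))
```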

Diffie – Hellman key exchange:

• First proposed public-key algorithm, by Diffie & Hellman in 1976
• Practical method for public exchange of a secret key.
• A number of commercial products employ this key exchange technique.
• The purpose of this algorithm is to enable two users to exchange a key securely that
can then be used for subsequent encryption of messages.
• The security of Diffie-Hellman lies in the fact that, while it is relatively easy to
calculate exponentials modulo a prime, it is very difficult to compute discrete
logarithms.
Key exchange algorithm:

Key Exchange Protocols

• There are two publicly known numbers, q and α
• User A wishes to exchange a key with B
• User A selects a random integer X_a and computes Y_a
• User B selects a random integer X_b and computes Y_b
• Each user keeps the X value private and makes the Y value available to others.
• User A computes the key as K = (Y_b)^{X_a} mod q
• User B computes the key as K = (Y_a)^{X_b} mod q
• The result is that the two sides have exchanged a secret key
• An opponent has only the following ingredients to work with to get the key: q, α, Y_a, Y_b
• To get the secret key of B, the opponent must compute
X_b = ind_{q,α}(Y_b)
• Then the key is calculated in the same manner as user B calculates it.
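
The exchange above as an added example (not part of the original notes), including the opponent's view, to show why q must be large: with the toy prime used here the discrete logarithm falls to a simple search. The values q = 353, α = 3 and the private integers are constructed sample values, each public value is computed as Y = α^X mod q, and the function names are illustrative.

```python
import secrets


def private_value(q):
    """Random private X with 1 < X < q - 1."""
    return 2 + secrets.randbelow(q - 3)


def public_value(alpha, x, q):
    """Y = alpha^X mod q, the value each user makes available."""
    return pow(alpha, x, q)


def shared_key(y_other, x_own, q):
    """K = (Y_other)^(X_own) mod q."""
    return pow(y_other, x_own, q)


def exchange(q, alpha, xa=None, xb=None):
    """Run both sides of the exchange and return what each side ends up with."""
    xa = private_value(q) if xa is None else xa
    xb = private_value(q) if xb is None else xb
    ya, yb = public_value(alpha, xa, q), public_value(alpha, xb, q)
    return {"ya": ya, "yb": yb,
            "ka": shared_key(yb, xa, q),   # computed by A
            "kb": shared_key(ya, xb, q)}   # computed by B


def discrete_log(alpha, y, q):
    """Exhaustive search for X with alpha^X mod q == y.

    Takes up to q - 1 steps, so it is feasible only because q is tiny here;
    for a prime of realistic size this loop is out of reach.
    """
    value = 1
    for x in range(q - 1):
        if value == y:
            return x
        value = value * alpha % q
    return None


def opponent_key(q, alpha, ya, yb):
    """What an eavesdropper holding only q, alpha, Y_a, Y_b can derive at toy scale."""
    x = discrete_log(alpha, yb, q)
    return None if x is None else shared_key(ya, x, q)


if __name__ == "__main__":
    q, alpha = 353, 3                      # constructed toy parameters
    result = exchange(q, alpha, xa=97, xb=233)
    print(result)
    print("opponent recovers:", opponent_key(q, alpha, result["ya"], result["yb"]))
```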

3. HASH FUNCTION

• A variation on the message authentication code is the one-way hash function.
• A hash function accepts a variable-size message M as input and produces a fixed-size output, referred to as a hash code H(M).
• Unlike a MAC, a hash code does not use a key but is a function only of the input message.
• The hash code is also referred to as a message digest or hash value.
• The hash code is a function of all the bits of the message and provides an error-detection capability: a change to any bit or bits in the message results in a change to the hash code.
Figure a
• The message plus concatenated hash code is encrypted using symmetric encryption.
• Because only A and B share the secret key, the message must have come from A and has not been altered.
• The hash code provides the required authentication.
• Because encryption is applied to the entire message plus hash code, confidentiality is also provided.

Figure b
• Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.

Figure c
• Only the hash code is encrypted, using public-key encryption and using the sender's private key. This provides authentication.
• It also provides a digital signature, because only the sender could have produced the encrypted hash code.

Figure d
• If confidentiality as well as a digital signature is desired, then the message plus the private-key-encrypted hash code can be encrypted using a symmetric secret key.

Figure e
• It is possible to use a hash function but no encryption for message authentication.
• The technique assumes that the two communicating parties share a common secret value S.
• A computes the hash value over the concatenation of M and S and appends the resulting hash value to M.
• Because B possesses S, it can recompute the hash value to verify.
• Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.

Figure f
• Confidentiality can be added to the approach of (e) by encrypting the entire message plus the hash code.

Figure: Basic Uses of Hash Function


Hash Function
• A hash value h is generated by a function H of the form
h = H(M)
where M is a variable-length message and H(M) is the fixed-length hash value.
• The hash value is appended to the message at the source at a time when the message is assumed or known to be correct.
• The receiver authenticates that message by re-computing the hash value.

Requirements for a Hash Function:

• The purpose of a hash function is to produce a "fingerprint" of a file, message, or other block of data.
• To be useful for message authentication, a hash function H must have the following properties:
1. H can be applied to a block of data of any size.
2. H produces a fixed-length output.
3. H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
4. For any given value h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
5. For any given block x, it is computationally infeasible to find y ≠ x such that H(y) = H(x). This is sometimes referred to as weak collision resistance.
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance.
Simple Hash Functions:
• The input is processed one block at a time in an iterative fashion to produce an n-bit hash value.
• One of the simplest hash functions is the bit-by-bit exclusive-OR (XOR) of every block.
• This can be expressed as follows:
$C_i = b_{i1} \oplus b_{i2} \oplus \cdots \oplus b_{im}$
where
$C_i$ = i-th bit of the hash code, $1 \le i \le n$
m = number of n-bit blocks in the input
$b_{ij}$ = i-th bit in the j-th block
$\oplus$ = XOR operation

• With more predictably formatted data, the function is less effective.
• A simple way to improve matters is to perform a one-bit circular shift, or rotation, on the hash value after each block is processed.
• The procedure can be summarized as follows:
o Initially set the n-bit hash value to zero.
o Process each successive n-bit block of data as follows:
  - Rotate the current hash value to the left by one bit.
  - XOR the block into the hash value.
• This has the effect of "randomizing" the input more completely and overcoming any regularities that appear in the input.
• Although the second procedure provides a good measure of data integrity, it is virtually useless for data security when an encrypted hash code is used with a plaintext message.
• A simple XOR or rotated XOR (RXOR) is insufficient if only the hash code is encrypted.
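The two simple hash functions above, with n = 16, as an added example that is not part of the original notes. It shows what the rotation buys (reordered blocks are detected) and why neither function meets the weak collision resistance requirement: a single appended block makes any other message produce the same hash code. The messages are constructed sample data.

```python
N_BITS = 16
MASK = (1 << N_BITS) - 1

def blocks(msg):
    """Split bytes into 16-bit blocks, zero-padding a trailing odd byte."""
    if len(msg) % 2:
        msg += b"\x00"
    return [int.from_bytes(msg[i:i + 2], "big") for i in range(0, len(msg), 2)]

def xor_hash(msg):
    """C_i = b_i1 XOR b_i2 XOR ... XOR b_im, computed on whole blocks."""
    h = 0
    for block in blocks(msg):
        h ^= block
    return h

def rotl1(h):
    """One-bit circular left shift of an n-bit value."""
    return ((h << 1) | (h >> (N_BITS - 1))) & MASK

def rxor_hash(msg):
    """Rotated XOR: rotate the running hash left by one bit, then XOR in the block."""
    h = 0
    for block in blocks(msg):
        h = rotl1(h) ^ block
    return h

def matching_block(other_msg, target_hash):
    """The 16-bit block that makes rxor_hash(other_msg + block) == target_hash."""
    if len(other_msg) % 2:
        raise ValueError("other_msg must end on a block boundary")
    return (rotl1(rxor_hash(other_msg)) ^ target_hash).to_bytes(2, "big")

# Constructed sample messages, each a whole number of 16-bit blocks.
ORIGINAL = b"PAY 0100 TO BOB."
ALTERED = b"PAY 9900 TO BOB."

if __name__ == "__main__":
    print("XOR sees reordering: ", xor_hash(b"ABCD") != xor_hash(b"CDAB"))
    print("RXOR sees reordering:", rxor_hash(b"ABCD") != rxor_hash(b"CDAB"))
    padded = ALTERED + matching_block(ALTERED, rxor_hash(ORIGINAL))
    print("same hash code:", rxor_hash(padded) == rxor_hash(ORIGINAL))
```

Because the hash code is unchanged, an encrypted copy of it attached to the original message would also validate the altered one, which is the failure the notes describe.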

SHA-512 logic

The algorithm takes as input a message with a maximum length of less than $2^{128}$ bits and produces as output a 512-bit message digest. The input is processed in 1024-bit blocks.

Steps

1. Append padding bits: The message is padded so that its length is congruent to 896 modulo 1024. Padding consists of a single 1-bit followed by the necessary number of 0-bits.
2. Append length: A block of 128 bits is appended to the message. This block is treated as an unsigned 128-bit integer that contains the length of the original message (before the
3. Initialize hash buffer: A 512-bit buffer is used to hold intermediate and final results of the hash function. The buffer can be represented as eight 64-bit registers (a,b,c,d,e,f,g,h). These registers are initialized to the following 64-bit integers (hexadecimal values).

Sr.No  Register  Value
1.     a         6A09E667F3BCC908
2.     b         BB67AE8584CAA73B
3.     c         3C6EF372FE94F82B
4.     d         A54FF53A5F1D36F1
5.     e         510E527FADE682D1
6.     f         9B05688C2B3E6C1F
7.     g         1F83D9ABFB41BD6B
8.     h         5BE0CD19137E2179

4. Process message in 1024-bit blocks: Processing of each block consists of 80 rounds. Each round takes as input the 512-bit buffer value abcdefgh and updates the contents of the buffer. Each round t makes use of a 64-bit value $W_t$. The output of the last round is added to the input to the first round ($H_{i-1}$) to produce $H_i$.
5. Output: The output from the Nth stage is the 512-bit message digest.
The behavior of SHA-512 can be summarized as follows:
$H_0 = IV$
$H_i = \mathrm{SUM}_{64}(H_{i-1}, abcdefgh_i)$
$MD = H_N$
where
IV = initial value of the abcdefgh buffer
$abcdefgh_i$ = the output of the last round of processing of the i-th message block
N = the number of blocks in the message
$\mathrm{SUM}_{64}$ = addition modulo $2^{64}$ performed separately on each word of the pair of inputs
MD = final message digest value



SHA-512 round function

Each round is defined by the following set of equations.


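$T_1 = h + \mathrm{Ch}(e,f,g) + \left(\Sigma_1^{512}\, e\right) + W_t + K_t$

$T_2 = \left(\Sigma_0^{512}\, a\right) + \mathrm{Maj}(a,b,c)$

$a = T_1 + T_2$

$b = a$

$c = b$

$d = c$

$e = d + T_1$

$f = e$

$g = f$

$h = g$

The right-hand sides all use the register values from the start of the round, and every addition is modulo $2^{64}$.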

AUTHENTICATION AND DIGITAL SIGNATURE STANDARD


AUTHENTICATION REQUIREMENTS
In the context of communications across a network, the following attacks can be identified.
1. Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of messages between parties could be determined.
3. Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgements of message receipt or non-receipt by someone other than the message recipient.
4. Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.
6. Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message (e.g., datagram) could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by destination.

DIGITAL SIGNATURE STANDARD


Digital signature and authentication protocols – DSS
1. A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. Typically the signature is formed by taking the hash of the message and encrypting that hash with the creator's private key. The signature guarantees the source and integrity of the message.
2. The digital signature standard (DSS) is an NIST standard that uses the secure hash algorithm
(SHA).



Properties
Message authentication protects two parties who exchange messages from any third party.
However, it does not protect the two parties against each other. Several forms of dispute
between the two are possible.

3. For example, suppose that John sends an authenticated message to Mary, using one of the
schemes of Figure 13.1. Consider the following disputes that could arise.
1. Mary may forge a different message and claim that it came from John. Mary would
simply have to create a message and append an authentication code using the key that
John and Mary share.
2. John can deny sending the message. Because it is possible for Mary to forge a message,
there is no way to prove that John did in fact send the message.
4. Both scenarios are of legitimate concern. Here is an example of the first scenario: An electronic funds transfer takes place, and the receiver increases the amount of funds transferred and claims that the larger amount had arrived from the sender. An example of the second scenario is that an electronic mail message contains instructions to a stockbroker for a transaction that subsequently turns out badly. The sender pretends that the message was never sent.



5. In situations where there is not complete trust between sender and receiver, something more
than authentication is needed. The most attractive solution to this problem is the digital
signature.
The digital signature must have the following properties:
1. It must verify the author and the date and time of the signature.
2. It must authenticate the contents at the time of the signature.
3. It must be verifiable by third parties, to resolve disputes. Thus, the digital signature function includes the authentication function.

DSS Approach:
• DSS uses an algorithm that is designed to provide only the digital signature function. Unlike RSA, it cannot be used for encryption or key exchange.
• In the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length.
• This hash code is then encrypted using the sender's private key to form the signature. Both the message and the signature are then transmitted.
• The recipient takes the message and produces a hash code.
• The recipient also decrypts the signature using the sender's public key.
• If the calculated hash code matches the decrypted signature, the signature is accepted as valid.



Two Approaches to Digital Signatures

• At the sending end, the DSS approach also makes use of a hash function.
• The hash code is provided as input to a signature function along with a random number k generated for this particular signature.
• The signature function also depends on the sender's private key PRa and a set of parameters known to a group of communicating principals.
• We can consider this set to constitute a global public key PUG.
• The result is a signature consisting of two components, labeled s and r.
• At the receiving end, the hash code of the incoming message is generated.
• This plus the signature is input to a verification function.
• The verification function also depends on the global public key as well as the sender's public key PUa.
• The output of the verification function is a value that is equal to the signature component r if the signature is valid.
Digital Signature Algorithm:
• DSA is based on the difficulty of computing discrete logarithms.
• There are three parameters that are public and can be common to a group of users.
• A 160-bit prime number q is chosen.
• Next, a prime number p is selected with a length between 512 and 1024 bits such that q divides (p-1).
• Finally, g is chosen to be of the form $h^{(p-1)/q} \bmod p$, where h is an integer between 1 and (p-1) with the restriction that g must be greater than 1.



Digital Signature Algorithm (DSA):

Global Public-Key Components

p = prime number where $2^{L-1} < p < 2^{L}$, for $512 \le L \le 1024$ and L a multiple of 64

q = prime divisor of (p-1), where $2^{159} < q < 2^{160}$; i.e., bit length of 160 bits

$g = h^{(p-1)/q} \bmod p$

User's Private Key

x = random or pseudorandom integer with 0 < x < q

User's Public Key

$y = g^{x} \bmod p$

User's Per-Message Secret Number

k = random or pseudorandom integer with 0 < k < q

Signing

$r = (g^{k} \bmod p) \bmod q$

$s = [k^{-1}(H(M) + xr)] \bmod q$

Signature = (r, s)

Verifying

$w = (s')^{-1} \bmod q$

$u_1 = [H(M')\,w] \bmod q$

$u_2 = (r')\,w \bmod q$

$v = [(g^{u_1} y^{u_2}) \bmod p] \bmod q$

TEST: v = r'

M = message to be signed

H(M) = hash of M using SHA-1

M', r', s' = received versions of M, r, s

DSS Signing and Verifying
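The signing and verifying equations above, carried through with the same symbols, as an added example that is not part of the original notes. The parameters p = 607, q = 101, h = 2 are constructed toy values chosen so that q divides p-1; they are far smaller than the sizes the standard requires.

```python
import hashlib
import secrets

# Constructed toy global public-key components: 606 = 6 * 101, so q divides p-1.
P, Q, H_GEN = 607, 101, 2
G = pow(H_GEN, (P - 1) // Q, P)          # g = h^((p-1)/q) mod p, must be > 1

def digest(msg):
    """H(M): SHA-1 of the message, as an integer."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def public_key(x):
    """y = g^x mod p for a private key 0 < x < q."""
    return pow(G, x, P)

def sign(msg, x):
    """Return (r, s); a fresh per-message secret k is drawn for every signature."""
    while True:
        k = secrets.randbelow(Q - 1) + 1                 # 0 < k < q
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
        if r and s:                                      # retry if either is zero
            return r, s

def verify(msg, r, s, y):
    """Accept only when v == r', after range-checking the received r' and s'."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = digest(msg) * w % Q
    u2 = r * w % Q
    v = pow(G, u1, P) * pow(y, u2, P) % P % Q
    return v == r

if __name__ == "__main__":
    x = 57                                   # constructed private key
    y = public_key(x)
    r, s = sign(b"transfer 100", x)
    print("g =", G, "signature =", (r, s))
    print("valid:", verify(b"transfer 100", r, s, y))
```

With q this small, an altered message still verifies about once in a hundred tries, which is one reason the standard fixes q at 160 bits.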
