CRYPTOGRAPHY AND NETWORK

SECURITY
[20MCA33C]

UNIT-I
Introduction to Cryptography

Faculty:
Dr.R.A.Roseline, M.Sc.,M.Phil.,Ph.D.,
Associate Professor and Head,
Post Graduate and Research Department of Computer Applications,
Government Arts College(Autonomous),Coimbatore-641 018.
 SYLLABUS
Unit - I
Introduction to Cryptography – Security Attacks – Security Services – Security Algorithm – Stream cipher and
Block cipher – Symmetric and Asymmetric-key Cryptosystem Symmetric Key Algorithms: Introduction – DES –
Triple DES – AES – IDEA – Blowfish – RC5.

Unit - II
Public-key Cryptosystem: Introduction to Number Theory – RSA Algorithm – Key Management – Diffie-Hell man
Key exchange – Elliptic Curve Cryptography Message Authentication and Hash functions – Hash and Mac
Algorithm – Digital Signatures and Authentication Protocol.

Unit – III
Network Security Practice: Authentication Applications – Kerberos – X.509 Authentication services and Encryption
Techniques. E-mail Security – PGP – S / MIME – IP Security.

Unit – IV
Web Security – Secure Socket Layer – Secure Electronic Transaction. System Security – Intruders and Viruses –
Firewalls– Password Security

Unit - V
Case Study: Implementation of Cryptographic Algorithms – RSA – DSA – ECC (C / JAVA Programming). Network
Forensic – Security Audit – Other Security Mechanism: Introduction to: Stenography – Quantum Cryptography –
Water Marking – DNA Cryptography.
 Computer Security
 theprotection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity, availability and confidentiality of
information system resources (includes
hardware, software, firmware,
information/data, and telecommunications)
Key Security Concepts
 Examples of Security
Requirements
 confidentiality – student grades
 integrity – patient information
 availability – authentication service
 OSI Security Architecture
 ITU-T X.800 “Security Architecture for OSI”
 defines a systematic way of defining and
providing security requirements
 for us it provides a useful, if abstract,
overview of concepts we will study
 Aspects of Security
 consider 3 aspects of information security:
 security attack
 security mechanism
 security service
 note terms
 threat – a potential for violation of security
 attack – an assault on system security, a
deliberate attempt to evade security services
Passive Attacks
Active Attacks
 Security Service
 enhance security of data processing systems
and information transfers of an organization
 intended to counter security attacks
 using one or more security mechanisms
 often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or
destruction; be notarized or witnessed; be
recorded or licensed
 Security Services
 X.800:
“a service provided by a protocol layer of
communicating open systems, which ensures
adequate security of the systems or of data
transfers”

 RFC 2828:
“a processing or communication service
provided by a system to give a specific kind of
protection to system resources”
 Security Services (X.800)
 Authentication - assurance that communicating
entity is the one claimed
 have both peer-entity & data origin authentication
 Access Control - prevention of the
unauthorized use of a resource
 Data Confidentiality –protection of data from
unauthorized disclosure
 Data Integrity - assurance that data received is
as sent by an authorized entity
 Non-Repudiation - protection against denial by
one of the parties in a communication
 Availability – resource accessible/usable
 Security Mechanism
 feature designed to detect, prevent, or
recover from a security attack
 no single mechanism that will support all
services required
 however one particular element underlies
many of the security mechanisms in use:
 cryptographic techniques
 hence our focus on this topic
 Security Mechanisms (X.800)
 specific security mechanisms:
 encipherment, digital signatures, access

controls, data integrity, authentication

exchange, traffic padding, routing control,
notarization
 pervasive security mechanisms:
 trusted functionality, security labels, event

detection, security audit trails, security

recovery
Model for Network Security
 Model for Network Security
 using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used
by the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to
use the transformation and secret
information for a security service
Model for Network Access
Security
 Model for Network Access
Security
 using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure only
authorised users access designated
information or resources
 Symmetric Encryption
 or conventional / private-key / single-key
 sender and recipient share a common key
 all classical encryption algorithms are
private-key
 was only type prior to invention of public-
key in 1970’s
 and by far most widely used
 Some Basic Terminology
 plaintext - original message
 ciphertext - coded message
 cipher - algorithm for transforming plaintext to ciphertext
 key - info used in cipher known only to sender/receiver
 encipher (encrypt) - converting plaintext to ciphertext
 decipher (decrypt) - recovering ciphertext from plaintext
 cryptography - study of encryption principles/methods
 cryptanalysis (codebreaking) - study of principles/
methods of deciphering ciphertext without knowing key
 cryptology - field of both cryptography and cryptanalysis
Symmetric Cipher Model
 Requirements
 two
requirements for secure use of
symmetric encryption:
 a strong encryption algorithm
 a secret key known only to sender / receiver
 mathematically have:
Y = E(K, X)
X = D(K, Y)
 assume encryption algorithm is known
 implies a secure channel to distribute key
 Cryptography
 can characterize cryptographic system by:
 type of encryption operations used
• substitution
• transposition
• product
 number of keys used
• single-key or private
• two-key or public
 way in which plaintext is processed
• block
• stream
 Cryptanalysis
 objectiveto recover key not just message
 general approaches:
 cryptanalytic attack
 brute-force attack
 if either succeed all key use compromised
 Cryptanalytic Attacks
 ciphertext only
 only know algorithm & ciphertext, is statistical,
know or can identify plaintext
 known plaintext
 know/suspect plaintext & ciphertext
 chosen plaintext
 select plaintext and obtain ciphertext
 chosen ciphertext
 select ciphertext and obtain plaintext
 chosen text
 select plaintext or ciphertext to en/decrypt
 Brute Force Search
 always possible to simply try every key
 most basic attack, proportional to key size
 assume either know / recognise plaintext

Key Size (bits) Number of Alternative Time required at 1 Time required at 106
Keys decryption/µs decryptions/µs
32 232 = 4.3  109 231 µs = 35.8 minutes 2.15 milliseconds
56 256 = 7.2  1016 255 µs = 1142 years 10.01 hours
128 2128 = 3.4  1038 2127 µs = 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 2167 µs = 5.9  1036 years 5.9  1030 years

26 characters 26! = 4  1026 2  1026 µs = 6.4  1012 years 6.4  106 years
(permutation)
 Feistel Cipher Structure
 Horst Feistel devised the feistel cipher
 based on concept of invertible product cipher
 partitions input block into two halves
 process through multiple rounds which
 perform a substitution on left data half
 based on round function of right half & subkey
 then have permutation swapping halves
 implements Shannon’s S-P net concept
Feistel Cipher Structure
Feistel Cipher Design Elements
 block size
 key size
 number of rounds
 subkey generation algorithm
 round function
 fast software en/decryption
 ease of analysis
Data Encryption Standard (DES)

 most widely used block cipher in world

 adopted in 1977 by NBS (now NIST)
 as FIPS PUB 46
 encrypts 64-bit data using 56-bit key
 has widespread use
 has been considerable controversy over
its security
 DES History
 IBM developed Lucifer cipher
 by team led by Feistel in late 60’s
 used 64-bit data blocks with 128-bit key
 then redeveloped as a commercial cipher
with input from NSA and others
 in 1973 NBS issued request for proposals
for a national cipher standard
 IBM submitted their revised Lucifer which
was eventually accepted as the DES
 DES Design Controversy
 althoughDES standard is public
 was considerable controversy over design
 in choice of 56-bit key (vs Lucifer 128-bit)
 and because design criteria were classified
 subsequent events and public analysis
show in fact design was appropriate
 use of DES has flourished
 especially in financial applications
 still standardised for legacy application use
 Multiple Encryption & DES
 clear a replacement for DES was needed
 theoretical attacks that can break it
 demonstrated exhaustive key search attacks
 AES is a new cipher alternative
 prior to this alternative was to use multiple
encryption with DES implementations
 Triple-DES is the chosen form
 Double-DES?
 could use 2 DES encrypts on each block
 C = EK2(EK1(P))
 issueof reduction to single stage
 and have “meet-in-the-middle” attack
 works whenever use a cipher twice
 since X = EK1(P) = DK2(C)
 attack by encrypting P with all keys and store
 then decrypt C with keys and match X value
 can show takes O(256) steps
 Triple-DES with Two-Keys
 hence must use 3 encryptions
 would seem to need 3 distinct keys
 but can use 2 keys with E-D-E sequence
 C = EK1(DK2(EK1(P)))
 nb encrypt & decrypt equivalent in security
 if K1=K2 then can work with single DES
 standardized in ANSI X9.17 & ISO8732
 no current known practical attacks
 several proposed impractical attacks might
become basis of future attacks
 Triple-DES with Three-Keys
 although are no practical attacks on two-
key Triple-DES have some indications
 can use Triple-DES with Three-Keys to
avoid even these
 C = EK3(DK2(EK1(P)))
 hasbeen adopted by some Internet
applications, eg PGP, S/MIME
 Origins
 clear a replacement for DES was needed
 have theoretical attacks that can break it
 have demonstrated exhaustive key search attacks
 can use Triple-DES – but slow, has small blocks
 US NIST issued call for ciphers in 1997
 15 candidates accepted in Jun 98
 5 were shortlisted in Aug-99
 Rijndael was selected as the AES in Oct-2000
 issued as FIPS PUB 197 standard in Nov-2001
 The AES Cipher - Rijndael
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than feistel cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 designed to be:
 resistant against known attacks
 speed and code compactness on many CPUs
 design simplicity
 AES
Encryption
Process
 AES Structure
 data block of 4 columns of 4 bytes is state
 key is expanded to array of words
 has 9/11/13 rounds in which state undergoes:
 byte substitution (1 S-box used on every byte)
 shift rows (permute bytes between groups/columns)
 mix columns (subs using matrix multiply of groups)
 add round key (XOR state with key material)
 view as alternating XOR key & scramble data bytes
 initial XOR key material & incomplete last round
 with fast XOR & table lookup implementation
AES Structure
AES Round
 Random Numbers
 many uses of random numbers in cryptography
 nonces in authentication protocols to prevent replay
 session keys
 public key generation
 keystream for a one-time pad
 in all cases its critical that these values be
 statistically random, uniform distribution, independent
 unpredictability of future values from previous values
 true random numbers provide this
 care needed with generated random numbers
 Pseudorandom Number
Generators (PRNGs)
 often
use deterministic algorithmic
techniques to create “random numbers”
 although are not truly random
 can pass many tests of “randomness”
 known as “pseudorandom numbers”
 created by “Pseudorandom Number
Generators (PRNGs)”
Random & Pseudorandom
Number Generators
Stream Cipher Structure
 Stream Cipher Properties
 some design considerations are:
 long period with no repetitions
 statistically random
 depends on large enough key
 large linear complexity
 properly designed, can be as secure as a
block cipher with same size key
 but usually simpler & faster
 RC5
a proprietary cipher owned by RSADSI
 designed by Ronald Rivest (of RSA fame)
 used in various RSADSI products
 can vary key size / data size / no rounds
 very clean and simple design
 easy implementation on various CPUs
 yet still regarded as secure
 RC5 Ciphers
 RC5 is a family of ciphers RC5-w/r/b
 w = word size in bits (16/32/64) nb data=2w
 r = number of rounds (0..255)
 b = number of bytes in key (0..255)
 nominal version is RC5-32/12/16
 ie 32-bit words so encrypts 64-bit data blocks
 using 12 rounds
 with 16 bytes (128-bit) secret key
 RC5 Key Expansion
 RC5 uses 2r+2 subkey words (w-bits)
 subkeys are stored in array S[i], i=0..t-1
 then the key schedule consists of
 initializing S to a fixed pseudorandom value,
based on constants e and phi
 the byte key is copied (little-endian) into a c-
word array L
 a mixing operation then combines L and S to
form the final S array
 RC5 Encryption
 split input into two halves A & B
L0 = A + S[0];
R0 = B + S[1];
for i = 1 to r do
Li = ((Li-1 XOR Ri-1) <<< Ri-1) + S[2 x i];
Ri = ((Ri-1 XOR Li) <<< Li) + S[2 x i + 1];
 each round is like 2 DES rounds
 note rotation is main source of non-linearity
 need reasonable number of rounds (eg 12-16)
 RC5 Modes
 RFC2040 defines 4 modes used by RC5
 RC5 Block Cipher, is ECB mode
 RC5-CBC, is CBC mode
 RC5-CBC-PAD, is CBC with padding by bytes
with value being the number of padding bytes
 RC5-CTS, a variant of CBC which is the same
size as the original message, uses ciphertext
stealing to keep size same as original
 Modes of Operation
 block ciphers encrypt fixed size blocks
 eg. DES encrypts 64-bit blocks with 56-bit key
 need some way to en/decrypt arbitrary
amounts of data in practise
 NIST SP 800-38A defines 5 modes
 have block and stream modes
 to cover a wide variety of applications
 can be used with any block cipher
Electronic Codebook Book (ECB)
 message is broken into independent
blocks which are encrypted
 each block is a value which is substituted,
like a codebook, hence name
 each block is encoded independently of
the other blocks
Ci = EK(Pi)
 uses: secure transmission of single values
 Advantages and Limitations of
ECB
 message repetitions may show in ciphertext
 if aligned with message block
 particularly with data such graphics
 or with messages that change very little, which
become a code-book analysis problem
 weakness is due to the encrypted message
blocks being independent
 main use is sending a few blocks of data
Cipher Block Chaining (CBC)
 message is broken into blocks
 linked together in encryption operation
 each previous cipher blocks is chained
with current plaintext block, hence name
 use Initial Vector (IV) to start process
Ci = EK(Pi XOR Ci-1)
C-1 = IV
 uses: bulk data encryption, authentication
 Cipher
Block
Chaining
(CBC)
 Cipher FeedBack (CFB)
 message is treated as a stream of bits
 added to the output of the block cipher
 result is feed back for next stage (hence name)
 standard allows any number of bit (1,8, 64 or
128 etc) to be feed back
 denoted CFB-1, CFB-8, CFB-64, CFB-128 etc
 most efficient to use all bits in block (64 or 128)
Ci = Pi XOR EK(Ci-1)
C-1 = IV
 uses: stream data encryption, authentication
 s-bit
Cipher
FeedBack
(CFB-s)
 Advantages and Limitations of
CFB
 appropriate when data arrives in bits/bytes
 most common stream mode
 limitation is need to stall while do block
encryption after every n-bits
 note that the block cipher is used in
encryption mode at both ends
 errors propogate for several blocks after
the error
 Counter (CTR)
a “new” mode, though proposed early on
 similar to OFB but encrypts counter value
rather than any feedback value
 must have a different key & counter value
for every plaintext block (never reused)
Oi = EK(i)
Ci = Pi XOR Oi
 uses: high-speed network encryptions
Counter
(CTR)
 Advantages and Limitations of
CTR
 efficiency
 can do parallel encryptions in h/w or s/w
 can preprocess in advance of need
 good for bursty high speed links
 random access to encrypted data blocks
 provable security (good as other modes)
 but must ensure never reuse key/counter
values, otherwise could break (cf OFB)