CYBER SECURITY AND CRYPTOGRAPHY
S3. MCA
Module 2
Prepared By
SEETHAL PRINCE E
Asst. Professor
CSE
Block Ciphers and Stream Cipher
• Stream Cipher:
• Encrypts Digital Data Stream 1 bit or 1 byte at a time.
• Eg: Vigenere Cipher, Vernam Cipher
• Block Cipher
• A block of plaintext is treated as a whole and used to produce cipher text
block of equal length.
• Typically a block size of 64 or 128 bits is used.
Block Cipher Design Principles - Feistel Structure
• The plaintext is divided into 2 equal halves (Left and Right).
• The right half is fed to a function (the round function).
• The output from this function is XORed with the left half.
• The output of this XOR operation and the right half are swapped to make the
new left and right.
• This entire process is called a ROUND.
• This process is repeated over multiple rounds, and thus the encryption is
made stronger.
Feistel Encryption
• The inputs to the encryption algorithm are a plaintext block of length
2w bits and a key K.
• The plaintext block is divided into two halves, L_0 and R_0.
• The two halves of the data pass through n rounds of processing and
then combine to produce the ciphertext block.
• Each round i has L_{i-1} and R_{i-1} derived from the previous round as
inputs, as well as a subkey K_i derived from the overall K.
• In general, the subkeys K_i are different from K and from each other.
Cont..
• All rounds have the same structure. A substitution is performed on
the left half of the data.
• This is done by applying a round function F to the right half of the
data and then taking the exclusive-OR of the output of that function
and the left half of the data.
• The round function has the same general structure for each round but
is parameterized by the round subkey.
Feistel Decryption
• Use the ciphertext as input to the algorithm, but use the subkeys in
reverse order.
• That is, use K_n in the first round, K_{n-1} in the second round, and so on,
until K_1 is used in the last round.
• We need not implement two different algorithms; one for encryption
and one for decryption.
Feistel network depends on the choice of the following parameters and
design
• Block size: Larger block sizes mean greater security but reduced
encryption/decryption speed for a given algorithm. Traditionally, a
block size of 64 bits has been considered.
• Key size: Larger key size means greater security but may decrease
encryption/ decryption speed. The greater security is achieved by
greater resistance to brute-force attacks. Key sizes of 64 bits or less are
now widely considered to be inadequate, and 128 bits has become a
common size.
Cont…
• Number of rounds: The essence of the Feistel cipher is that a single
round offers inadequate security but that multiple rounds offer
increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: Greater complexity in this algorithm
should lead to greater difficulty of cryptanalysis.
• Round function F: Greater complexity generally means greater
resistance to cryptanalysis.
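The Feistel encryption and decryption slides above, as an added example that is not part of the original deck: one routine both encrypts and decrypts, and only the subkey order changes. The SHA-256 based key schedule and round function are assumptions chosen for illustration, not DES.

```python
import hashlib

def derive_subkeys(key: bytes, rounds: int) -> list:
    """Toy key schedule (assumption): K_i = SHA-256(K || i) for i = 1..n."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(1, rounds + 1)]

def round_function(right: bytes, subkey: bytes) -> bytes:
    """Toy round function F(R, K_i) (assumption). F does not need to be invertible."""
    return hashlib.sha256(subkey + right).digest()[:len(right)]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, subkeys: list) -> bytes:
    """Run the Feistel network over a 2w-byte block with the given subkey order."""
    if len(block) % 2 or not 2 <= len(block) <= 64:
        raise ValueError("block must have an even length of at most 64 bytes")
    w = len(block) // 2
    left, right = block[:w], block[w:]
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, round_function(right, k))
    # Final swap: it is what lets the same routine undo itself
    return right + left

def encrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return feistel(block, derive_subkeys(key, rounds))

def decrypt(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    # Same algorithm, subkeys K_n ... K_1
    return feistel(block, derive_subkeys(key, rounds)[::-1])

# Constructed sample values
PLAINTEXT = b"8 bytes!"
KEY = b"constructed demo key"

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, KEY)
    print("ciphertext:", ct.hex())
    print("decrypted :", decrypt(ct, KEY))
    # With a single round, half of the plaintext appears unchanged in the output
    print("one round :", encrypt(PLAINTEXT, KEY, rounds=1))
```

With `rounds=1` the second half of the output equals the right half of the plaintext, which is why a single round is inadequate.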
Modes Of Operation
To apply a block cipher in a variety of applications, five modes of
operation have been defined:
1. Electronic Code Book Mode
2. Cipher Block Chaining Mode
3. Cipher Feedback Mode
4. Output Feedback Mode
5. Counter Mode
1. Electronic Code Book Mode
• The simplest mode is the electronic codebook (ECB) mode, in which
plaintext is handled one block at a time and each block of plaintext is
encrypted using the same key.
2. Cipher Block Chaining
• In this scheme, the input to the encryption algorithm is the XOR of
the current plaintext block and the preceding ciphertext block
• Same key is used for each block.
• To produce the first block of ciphertext, an initialization vector (IV) is
XORed with the first block of plaintext.
• On decryption, the IV is XORed with the output of the decryption
algorithm to recover the first block of plaintext.
• The IV is a data block that is the same size as the cipher block.
Note: In both Encryption and Decryption Cipher block is chained.
3. Cipher Feedback Mode
• The input to the encryption function is an s-bit shift register that is
initially set to some initialization vector (IV).
• The leftmost (most significant) s bits of the output of the encryption
function are XORed with the first segment of plaintext to produce the
first unit of ciphertext, which is then transmitted.
• The contents of the shift register are shifted left by s bits, and C1 is
placed in the rightmost (least significant) s bits of the shift register.
• This process continues until all plaintext units have been encrypted.
Note:
• Not the plaintext but the output of the shift register is encrypted using the key.
• Common value of s=8
• For decryption, the same scheme is used, except that the received
ciphertext unit is XORed with the output of the encryption function
to produce the plaintext unit.
• Note that it is the encryption function that is used, not the decryption
function.
4. Output Feedback Mode
• The output feedback (OFB) mode is similar in structure to that of CFB.
• The output of the encryption function is fed back to the shift register
in OFB.
• OFB mode operates on full blocks of plaintext and ciphertext.
Cont..
• OFB mode requires an initialization vector.
• Nonce: unique to each execution of the encryption operation.
• Advantage: bit errors in transmission do not propagate.
• Disadvantage: more vulnerable to a message stream modification
attack.
5. Counter Mode
• A counter equal to the plaintext block size is used.
• Counter value must be different for each plaintext block.
• It is initialized to some value and then incremented by 1 for each
subsequent block.
• For encryption, the counter is encrypted and then XORed with the
plaintext block to produce the ciphertext block.
• There is no chaining.
• For decryption, the same sequence of counter values is used, with
each encrypted counter XORed with a ciphertext block to recover the
corresponding plaintext block.
Note: T denotes Counters
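The CFB, OFB and Counter slides above, as an added example that is not part of the original deck: all three modes call only the encryption function, and a single corrupted ciphertext bit damages one byte under OFB and CTR but spreads over the following units under CFB while the bad unit sits in the shift register. The function E is an assumed stand-in for block-cipher encryption (a keyed hash truncated to one 64-bit block), and the key, IV and text are constructed.

```python
import hashlib

BLOCK = 8  # block size in bytes (64 bits)

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for E(K, block) (assumption). These modes never need D(K, .)."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """CFB with s = 8: one byte per step, ciphertext byte fed back."""
    register, out = iv, bytearray()
    for unit in data:
        result = unit ^ E(key, register)[0]        # leftmost s bits of E output
        out.append(result)
        cipher_unit = unit if decrypt else result  # feedback is always ciphertext
        register = register[1:] + bytes([cipher_unit])  # shift left by s bits
    return bytes(out)

def ofb(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """OFB: the output of E is fed back, so encryption equals decryption."""
    out, feedback = bytearray(), nonce
    for i in range(0, len(data), BLOCK):
        feedback = E(key, feedback)
        out += xor(data[i:i + BLOCK], feedback)
    return bytes(out)

def ctr(key: bytes, counter0: int, data: bytes) -> bytes:
    """CTR: counter T_i = counter0 + i is encrypted and XORed; no chaining."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        t = ((counter0 + n) % 2 ** 64).to_bytes(BLOCK, "big")
        out += xor(data[i:i + BLOCK], E(key, t))
    return bytes(out)

def damaged_positions(decrypt_fn, ciphertext: bytes, plaintext: bytes, pos: int = 2) -> list:
    """Flip one bit of ciphertext[pos] and list the plaintext bytes that come out wrong."""
    bad = bytearray(ciphertext)
    bad[pos] ^= 0x01
    recovered = decrypt_fn(bytes(bad))
    return [i for i, (a, b) in enumerate(zip(recovered, plaintext)) if a != b]

# Constructed sample values
KEY = b"demo-key"
IV = bytes(range(8))
PT = b"constructed sample text!"

if __name__ == "__main__":
    print("OFB :", damaged_positions(lambda c: ofb(KEY, IV, c), ofb(KEY, IV, PT), PT))
    print("CTR :", damaged_positions(lambda c: ctr(KEY, 1, c), ctr(KEY, 1, PT), PT))
    print("CFB8:", damaged_positions(lambda c: cfb8(KEY, IV, c, decrypt=True),
                                     cfb8(KEY, IV, PT), PT))
```

The same property that keeps OFB and CTR errors local means a changed ciphertext bit changes exactly that plaintext bit, so these modes need a separate integrity check such as a MAC.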
DES – Data Encryption Standard
• The most widely used encryption scheme is based on the Data
Encryption Standard (DES) adopted in 1977 by the National Bureau of
Standards.
• Data are encrypted in 64-bit blocks using a 56-bit key.
• The algorithm transforms 64-bit input in a series of steps into a 64-bit
output.
• The same steps, with the same key, are used to reverse the
encryption (i.e., decryption).
• Uses Feistel Structure principles.
Cont.
• There are two inputs to the encryption function:
• the plaintext to be encrypted
• the key.
• The plaintext must be 64 bits in length and the key is 56 bits in length.
(Actually, the function expects a 64-bit key as input. However, only 56 of these
bits are ever used; the other 8 bits can be used as parity bits or simply set
arbitrarily.)
Cont.
• The left-hand side of the figure shows the processing of
the plaintext:
• First, the 64-bit plaintext passes through an initial permutation (IP) that
rearranges the bits to produce the permuted input.
• This is followed by a phase consisting of sixteen rounds of the same function,
which involves both permutation and substitution functions.
• The output of the last (sixteenth) round consists of 64 bits that are a function
of the input plaintext and the key.
• The left and right halves of the output are swapped to produce the
preoutput.
• Finally, the preoutput is passed through a permutation that is the inverse of
the initial permutation function, to produce the 64-bit ciphertext.
Cont.
• The right-hand portion of Figure shows the way in which the 56-bit
key is used.
• Initially, the key is passed through a permutation function.
• Then, for each of the sixteen rounds, a subkey (Ki) is produced by the
combination of a left circular shift and a permutation.
• The permutation function is the same for each round, but a different subkey
is produced because of the repeated shifts of the key bits.
Cont.
• The left and right halves of each 64-bit input are treated as separate
32-bit quantities, L (left) and R (right).
• The round key is 48 bits.
• The input is 32 bits.
• This input is first expanded to 48 bits.
• This is XORed with Ki.
• This 48-bit result passes through a substitution function that
produces a 32-bit output.
• This is permuted again.
Cont.
• The role of the S-boxes in the function F is illustrated in Figure.
• The substitution consists of a set of eight S-boxes, each of which
accepts 6 bits as input and produces 4 bits as output.
Cont.
• Key Generation
• A 64-bit key is used as input to the algorithm.
• The key is first subjected to a permutation.
• The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0
and D0.
• At each round, C_{i-1} and D_{i-1} are separately subjected to a circular left shift.
• These shifted values serve as input to the next round.
• They also serve as input to the part labeled Permuted Choice Two which
produces a 48-bit output that serves as input to the function F(R,K).
• DES Decryption
• As with any Feistel cipher, decryption uses the same algorithm as encryption,
except that the application of the subkeys is reversed.
AES – Advanced Encryption Standard
• Strongest encryption algorithm.
• Symmetric key block cipher.
• Block size is 128 bits (plaintext and Cipher text)
Rounds    No. of bits in key
10        128
12        192
14        256
Cont.
• Input is in the form of 4x4 matrix
• ie; 16 bytes = 128 bits
Cont.
• No. of keys = No. of rounds +1
• State: a 4x4 matrix that stores intermediate results
• Each Round has four different stages
• Substitute bytes: Uses an S-box to perform a
byte-by-byte substitution of the block
• ShiftRows: A simple permutation
• MixColumns: A substitution that makes use of
arithmetic over
• AddRoundKey: A simple bitwise XOR of the
current block with a portion of the expanded key
• The last round has only 3 stages; MixColumns is not performed in the
nth round.
Cont.
• Substitution Bytes:
• Also called as SubBytes.
• Is a simple table lookup.
• Each individual byte of State is mapped into a new byte.
Cont.
• Shift Rows Transformation
Row 1 : 0 or no shift
Row 2: 1 byte shift
Row 3: 2 byte shift
Row 4: 3 byte shift
Cont.
• MixColumns
• A constant matrix of size 4x4 is used.
• Each word (column) is taken, multiplied with
constant 4x4 matrix.
• Product word is placed in the corresponding
position of output matrix.
• This stage is not performed in the last round.
Cont.
• Add Round Key
• 128 bits of State are bitwise XORed with the 128 bits of the round key.
• AES Decryption : It is the reverse of Encryption process.
• Key is used in reverse order.
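The four round stages described above, as an added example that is not part of the original deck: one AES round on a 4x4 state stored column by column. The S-box is computed from its definition rather than typed in as a table, and the sample state and round key are the round 1 values of the worked example in FIPS-197 Appendix B.

```python
def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox() -> list:
    """S-box entry = affine transform of the multiplicative inverse (0 maps to 0)."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        sbox.append(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63)
    return sbox

SBOX = build_sbox()

# The state is a list of 16 bytes; byte (row r, column c) is state[r + 4*c].

def sub_bytes(state: list) -> list:
    return [SBOX[b] for b in state]          # byte-by-byte table lookup

def shift_rows(state: list) -> list:
    # Row r is rotated left by r bytes: (r, c) takes the byte from (r, (c + r) mod 4)
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_column(col: list) -> list:
    a0, a1, a2, a3 = col                      # multiply by the constant 4x4 matrix
    return [gmul(a0, 2) ^ gmul(a1, 3) ^ a2 ^ a3,
            a0 ^ gmul(a1, 2) ^ gmul(a2, 3) ^ a3,
            a0 ^ a1 ^ gmul(a2, 2) ^ gmul(a3, 3),
            gmul(a0, 3) ^ a1 ^ a2 ^ gmul(a3, 2)]

def mix_columns(state: list) -> list:
    out = []
    for c in range(4):
        out += mix_column(state[4 * c:4 * c + 4])
    return out

def add_round_key(state: list, round_key: list) -> list:
    return [s ^ k for s, k in zip(state, round_key)]

def aes_round(state: list, round_key: list, last: bool = False) -> list:
    state = shift_rows(sub_bytes(state))
    if not last:                              # MixColumns is skipped in the last round
        state = mix_columns(state)
    return add_round_key(state, round_key)

# FIPS-197 Appendix B: state at the start of round 1, and round key 1
STATE = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))
ROUND_KEY_1 = list(bytes.fromhex("a0fafe1788542cb123a339392a6c7605"))

if __name__ == "__main__":
    print(bytes(aes_round(STATE, ROUND_KEY_1)).hex())
```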
MULTIPLE ENCRYPTION AND TRIPLE DES
• Considering the vulnerabilities in DES, there has been considerable
interest in finding an alternative.
• One approach is to design a completely new algorithm, of which AES
is a prime example.
• Another alternative, which would preserve the existing investment in
software and equipment, is to use multiple encryption with DES and
multiple keys.
Double DES
• The simplest form of multiple encryption has two encryption stages
and two keys
• Given a plaintext and two encryption keys, cipher text is generated as:
C = E(K2, E(K1, P))
• Decryption requires that the keys be applied in reverse order
P = D(K1, D(K2, C))
• But this is vulnerable to a meet-in-the-middle attack.
Triple DES with Two Keys
• It’s a triple encryption method that uses only two keys.
• The function follows an encrypt-decrypt-encrypt (EDE) sequence.
• C = E(K1, D(K2, E(K1, P)))
• P = D(K1, E(K2, D(K1, C))).
• 3DES with two keys is a relatively popular alternative to DES
PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS
• Asymmetric algorithms rely on one key for encryption and a different
but related key for decryption.
• It is computationally infeasible to determine the decryption key given
only knowledge of the cryptographic algorithm and the encryption
key.
A public-key encryption scheme has 5 ingredients
• Plaintext: This is the readable message or data that is fed into the
algorithm as input.
• Encryption algorithm: The encryption algorithm performs various
transformations on the plaintext.
• Public and private keys: This is a pair of keys that have been selected so
that if one is used for encryption, the other is used for decryption. The exact
transformations performed by the algorithm depend on the public or
private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends
on the plaintext and the key. For a given message, two different keys will
produce two different ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the
matching key and produces the original plaintext.
Steps:
1. Each user generates a pair of keys to be used for the encryption and
decryption of messages.
2. Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept. Each
user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts
the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private
key. No other recipient can decrypt the message because only Alice
knows Alice’s private key.
Ensuring secrecy/confidentiality in public key cryptography
• Encryption: using public key
• Decryption: using private key
• How?
• As the receiver decrypts the ciphertext using his private key, only the
authorized receiver can do the decryption.
Ensuring authentication in public key cryptography
• Encryption: using private key
• Decryption: using public key
• How?
• As the sender encrypts the plaintext using his private key, at the receiver
end it can be assured that the ciphertext comes from that particular sender.
• The entire message serves as a digital signature of the sender.
Ensuring both confidentiality and authentication in
public key cryptography
RSA [Rivest-Shamir-Adleman]
• The RSA scheme is a block cipher in which the plaintext and
ciphertext are integers between 0 and n - 1 for some n.
• Encryption and decryption are of the following form, for some
plaintext block M and ciphertext block C.
• Public Key: (e,n)
• Private Key: (d,n)
Steps:
1. Select two prime numbers, p and q.
2. Calculate n = pq.
3. Calculate φ(n) = (p - 1)(q - 1).
4. Select e such that e is relatively prime to φ(n) and less than φ(n).
5. Determine d such that de ≡ 1 mod φ(n), i.e. de mod φ(n) = 1.
RSA Example
• Choose p = 3 and q = 11
• Compute n = p * q = 3 * 11 = 33
• Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 3
• Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 7
• Public key is (e, n) => (3, 33)
• Private key is (d, n) => (7, 33)
M = 19
Encryption:
Cipher Text, C = M^e mod n
= 19^3 mod 33
= 6859 mod 33
= 28
Decryption: M = C^d mod n
= 28^7 mod 33
= (28^2 * 28^2 * 28^2 * 28^1) mod 33 = (25 * 25 * 25 * 28) mod 33
= 437500 mod 33
= 19 = M
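The five RSA steps and the two key directions (public key for confidentiality, private key for authentication), as an added example that is not part of the original deck. It reproduces the slide's numbers, finds d with the extended Euclidean algorithm, and rejects parameter choices that break steps 1 and 4; the function names are chosen for this illustration.

```python
from math import gcd

def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def rsa_keygen(p: int, q: int, e: int):
    """Steps 1-5: return ((e, n), (d, n))."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                                   # step 2
    phi = (p - 1) * (q - 1)                     # step 3
    if not 1 < e < phi or gcd(e, phi) != 1:     # step 4
        raise ValueError("e must be coprime to phi(n) and less than phi(n)")
    _, x, _ = egcd(e, phi)                      # step 5: d*e = 1 mod phi(n)
    return (e, n), (x % phi, n)

def apply_key(value: int, key) -> int:
    """Both directions are the same operation: value^exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("block must be an integer between 0 and n - 1")
    return pow(value, exponent, n)

def encrypt(m: int, public_key) -> int:     # confidentiality: receiver's public key
    return apply_key(m, public_key)

def decrypt(c: int, private_key) -> int:
    return apply_key(c, private_key)

def sign(m: int, private_key) -> int:       # authentication: sender's private key
    return apply_key(m, private_key)

def verify(signature: int, m: int, public_key) -> bool:
    return apply_key(signature, public_key) == m

if __name__ == "__main__":
    public, private = rsa_keygen(3, 11, 3)   # the slide's p, q and e
    print("public:", public, "private:", private)
    c = encrypt(19, public)
    print("C =", c, " M =", decrypt(c, private))
    s = sign(19, private)
    print("signature =", s, " valid:", verify(s, 19, public))
```

As on the slide, this is textbook RSA: the same M always gives the same C, so deployed systems add randomized padding such as OAEP for encryption and PSS for signatures.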
Key Management
• There are 2 distinct aspects to the use of public keys:
• The distribution of public keys
• The use of public-key encryption to distribute secret keys
Distribution of Public Keys
• Several techniques have been proposed for the distribution of public
keys:
1. Public Announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates
1. Public Announcement of Public Keys
• The point of public-key encryption is that the public key is public.
• Any party can send his or her public key to any other participant or
broadcast the key to the community at large.
• Disadvantage is that anyone can forge such a public announcement.
2. Public Key Directory
Alice 011101011101
Bob 0011000101001
Bimal 0001111100110
…. ….
• If the directory is made available to everybody, an attacker can change the
values, which will disturb the entire system.
• Solution: Hire a trusted authority responsible for maintaining this file.
• A bottleneck arises at the authority.
3. Public Key Authority
• Each participant knows a public key for the authority, with only the
authority knowing the corresponding private key.
• This may cause a bottleneck in the system, because every user will be
trying to contact the authority.
4. Public Key Certificates
• Another approach is to use certificates that can be used by
participants to exchange keys without contacting a public-key
authority.
• Each participant obtains a certificate from the authority.
• Each certificate contains the ID of the user, a timestamp, and the public key
of the user, along with the authority's signature.
• So, when 2 parties have to communicate, they send their certificates to
each other.
Diffie Hellman Key Exchange Algorithm
• Not an encryption algorithm
• Used to exchange secret/symmetric key.
• Done using Asymmetric Encryption
Steps:
1. Select a prime number q.
2. Select a number α such that α < q and α is a primitive root of q.
[If α mod p, α^2 mod p, α^3 mod p, …, α^(p-1) mod p give the answers 1, 2, 3, …, p-1, we call α a primitive root of p.]
3. Assume XA: private key of user A, XA < q
4. Calculate YA: public key of user A, YA = α^XA mod q
5. Assume XB: private key of user B, XB < q
6. Calculate YB: public key of user B, YB = α^XB mod q
7. Calculation of secret key at SENDER (A) side: K = (YB)^XA mod q
8. Calculation of secret key at RECEIVER (B) side: K = (YA)^XB mod q
[After calculation these K must be equal; then we say the key exchange happened successfully.]
Example: q = 11
1. q = 11
2. α = ?
Steps to find primitive root:
n = 11
φ(n) = n - 1 = 10
Find prime factors of 10: 2 and 5
Take numbers s = 2, 3, 4, …, 10 (n-1)
Calculate s^[prime factor] for each prime factor.
Take 2: first prime factor: 2^2 mod 11 = 4
second prime factor: 2^5 mod 11 = 10
As none of the answers is 1, 2 is a primitive root of 11.
Select α = 2
Cont.
3. XA = 8
4. YA = 2^8 mod 11 = 3
5. XB = 4
6. YB = 2^4 mod 11 = 5
7. K at SENDER side = 5^8 mod 11 = 4
8. K at RECEIVER side = 3^4 mod 11 = 4
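The Diffie-Hellman steps and the q = 11 example above, as an added example that is not part of the original deck. The primitive-root check uses the general form of the test, α^((q-1)/f) mod q ≠ 1 for every prime factor f of q-1, which for q = 11 gives the same two exponents (5 and 2) as the slide; it is cross-checked against the bracketed definition.

```python
def prime_factors(n: int) -> set:
    """Distinct prime factors of n by trial division."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(alpha: int, q: int) -> bool:
    """True if alpha generates 1..q-1 modulo the prime q."""
    if not 0 < alpha < q:
        return False
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))

def generates_all(alpha: int, q: int) -> bool:
    """The definition itself: alpha^1 .. alpha^(q-1) mod q hit every value 1..q-1."""
    return {pow(alpha, k, q) for k in range(1, q)} == set(range(1, q))

def public_key(alpha: int, private: int, q: int) -> int:
    if not 0 < private < q:
        raise ValueError("private key must satisfy 0 < X < q")
    return pow(alpha, private, q)              # Y = alpha^X mod q

def shared_secret(other_public: int, own_private: int, q: int) -> int:
    return pow(other_public, own_private, q)   # K = Y_other^X_own mod q

if __name__ == "__main__":
    q = 11
    roots = [a for a in range(2, q) if is_primitive_root(a, q)]
    alpha = roots[0]
    print("primitive roots of 11:", roots)
    xa, xb = 8, 4                              # the slide's private keys
    ya, yb = public_key(alpha, xa, q), public_key(alpha, xb, q)
    print("YA =", ya, " YB =", yb)
    print("K at A =", shared_secret(yb, xa, q), " K at B =", shared_secret(ya, xb, q))
```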
Elliptic Curve Arithmetic
• The principal attraction of ECC, compared to RSA, is that it appears to
offer equal security for a far smaller key size, thereby reducing
processing overhead.
• Disadvantage: Hardware Complexity
Cont.
• In ECC, an operation over elliptic curves called addition is used.
• Multiplication is defined by repeated addition:
a*k = a + a + a + … + a (k times)
• A cryptanalyst finds it difficult to find this k even if he knows a and a*k.
• y = f(x): it's an easy task.
• But x = f^-1(y): it's a difficult task.
• Finding x becomes easy if an additional value
is given; it is called the trap door value.
• This is called the discrete logarithm problem
for elliptic curves.
Abelian group
• Abelian group G , sometimes denoted by {G,*} , is a set of elements
with a binary operation, denoted by * , that associates to each
ordered pair (a,b) of elements in G an element (a*b) in G, such that
the following axioms are obeyed:
(A1) Closure: If a and b belong to G , then a*b is also in G
(A2) Associative: a*(b * c) = (a * b) * c for all a ,b,c in G
(A3) Identity element: There is an element e in G such that
a*e = e*a = a for all a in G
(A4) Inverse element: For each a in G there is an element a’ in G such
that a * a’ = a’*a = e
(A5) Commutative: a *b = b *a for all a,b in G
Elliptic Curve over Real Numbers
• Weierstrass equation: y^2 + axy + by = x^3 + cx^2 + dx + e
where a, b, c, d, e are real numbers.
• For our purpose, it is sufficient to limit ourselves to equations of the
form: y^2 = x^3 + ax + b
• Curve is symmetric to x=0
• If we draw a line it will touch
3 points in the curve.
Elliptic Curve Cryptography
• Key Exchange using ECC
• ECC Encryption and Decryption
Key Exchange using ECC
• A key exchange between users A and B can be accomplished as
follows:
ECC Encryption
• Let the plaintext be M.
• It is first converted into a point on the elliptic curve.
• M → Pm
• Choose a random positive integer k.
• Cipher point Cm = (kG, Pm + kPB), where PB is the public key of B.
ECC Decryption
• Multiply Cm's first point by the receiver's private key:
kG × nB
• Subtract it from the second point of Cm:
Pm + kPB – kG × nB
= Pm + kPB – kPB (substitute: PB = nB × G)
= Pm
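ECC key exchange, encryption and decryption as described above, as an added example that is not part of the original deck. It works over a small prime field instead of the real numbers; the curve y^2 = x^3 + 2x + 2 mod 17 with base point G = (5, 1) of order 19, the private keys and the message point are constructed toy values, far too small for real use.

```python
import secrets

P, A, B = 17, 2, 2      # toy curve y^2 = x^3 + 2x + 2 over GF(17) (constructed)
G = (5, 1)              # base point
N = 19                  # order of G; None represents the point at infinity

def on_curve(pt) -> bool:
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def add(p1, p2):
    """Point addition, covering infinity, P + (-P) and doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P        # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k: int, pt):
    """k*pt as repeated addition, computed by double-and-add."""
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def encrypt(pm, pb, k=None):
    """Cm = (kG, Pm + k*PB); k is random unless supplied for a repeatable demo."""
    if k is None:
        k = 1 + secrets.randbelow(N - 1)
    return mul(k, G), add(pm, mul(k, pb))

def decrypt(cm, nb: int):
    """Pm = (Pm + k*PB) - nB*(kG)."""
    c1, c2 = cm
    return add(c2, neg(mul(nb, c1)))

if __name__ == "__main__":
    na, nb = 3, 7                       # constructed private keys of A and B
    pa, pb = mul(na, G), mul(nb, G)     # public keys PA = nA*G, PB = nB*G
    print("shared key:", mul(na, pb), "=", mul(nb, pa))
    pm = mul(5, G)                      # constructed message point Pm
    cm = encrypt(pm, pb)
    print("Pm =", pm, " Cm =", cm, " decrypted =", decrypt(cm, nb))
```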

More Related Content

PPTX
PDF
Block Ciphers and the Data Encryption Standard
PDF
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
PDF
sheet4.pdf
PDF
paper4.pdf
PDF
lecture3.pdf
PDF
doc4.pdf
PDF
doc4.pdf
Block Ciphers and the Data Encryption Standard
Network security R.Rathna Deepa 2nd M.sc.,Computer Science
sheet4.pdf
paper4.pdf
lecture3.pdf
doc4.pdf
doc4.pdf

Similar to Module 2.pptx (20)

PDF
chap3.pdf
PPT
Unit II.ppt.............................
PPTX
Encryption techniqudgfhgvj,hbkes (2).pptx
PDF
CNS2 unit 2.pdf
PDF
Network Security UNIT-II
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
PPT
Block Cipher Stream Cipher DESUnit 3.ppt
PPTX
presentation based on data encryption standards
PPTX
Block Ciphers and the data encryption standard.pptx
PPT
13528 l8
PPTX
Cryptography and Network Security-MOD_3.pptx
PPTX
Block Ciphers and DES.pptx
PPT
block ciphers
PDF
Data encryption techniques and standard
PPTX
Symmetric encryption
PPTX
Block ciphers &amp; public key cryptography
PPTX
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
PPTX
Block Cipher.cryptography_miu_year5.pptx
chap3.pdf
Unit II.ppt.............................
Encryption techniqudgfhgvj,hbkes (2).pptx
CNS2 unit 2.pdf
Network Security UNIT-II
CRYPTOGRAPHY AND NETWORK SECURITY
Block Cipher Stream Cipher DESUnit 3.ppt
presentation based on data encryption standards
Block Ciphers and the data encryption standard.pptx
13528 l8
Cryptography and Network Security-MOD_3.pptx
Block Ciphers and DES.pptx
block ciphers
Data encryption techniques and standard
Symmetric encryption
Block ciphers &amp; public key cryptography
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Block Cipher.cryptography_miu_year5.pptx
Ad

Recently uploaded (20)

PPTX
web development for engineering and engineering
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
PDF
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
PPTX
Foundation to blockchain - A guide to Blockchain Tech
PPTX
additive manufacturing of ss316l using mig welding
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
PPTX
Geodesy 1.pptx...............................................
PPTX
Internet of Things (IOT) - A guide to understanding
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
PPTX
Lecture Notes Electrical Wiring System Components
PDF
composite construction of structures.pdf
PPTX
Sustainable Sites - Green Building Construction
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
PPT
Project quality management in manufacturing
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
web development for engineering and engineering
CYBER-CRIMES AND SECURITY A guide to understanding
July 2025 - Top 10 Read Articles in International Journal of Software Enginee...
Foundation to blockchain - A guide to Blockchain Tech
additive manufacturing of ss316l using mig welding
Embodied AI: Ushering in the Next Era of Intelligent Systems
Model Code of Practice - Construction Work - 21102022 .pdf
Geodesy 1.pptx...............................................
Internet of Things (IOT) - A guide to understanding
Operating System & Kernel Study Guide-1 - converted.pdf
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
Lecture Notes Electrical Wiring System Components
composite construction of structures.pdf
Sustainable Sites - Green Building Construction
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
Project quality management in manufacturing
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
Ad

Module 2.pptx

  • 1. CYBER SECURITY AND CRYPTOGRAPHY S3. MCA Module 2 Prepared By SEETHAL PRINCE E Asst. Professor CSE
  • 2. Block Ciphers and Stream Cipher • Stream Cipher: • Encrypts Digital Data Stream 1 bit or 1 byte at a time. • Eg: Vigenere Cipher, Vernam Cipher • Block Cipher • A block of plaintext is treated as a whole and used to produce cipher text block of equal length. • Typically a block size of 64 or 128 bits is used.
  • 4. Block Cipher Design Principles - Feistel Structure • The plaintext is divided into 2 equal halves (Left and Right). • Right Half is applied to a function(Round Function). • The output from this function is XORed with Left half. • Output of this XOR operation and Right half is swapped to make the new left and right. • This entire process is called a ROUND. • This process is repeated to make multi rounds and thus encryption is made stronger
  • 6. Fiestel Encryption • The inputs to the encryption algorithm are a plaintext block of length 2w bits and a key K . • The plaintext block is divided into two halves L0 and R0 • The two halves of the data pass through n rounds of processing and then combine to produce the ciphertext block. • Each round i has Li-1 and Ri-1 derived from the previous round as inputs, as well as a subkey Ki derived from the overall K. • In general, the subkeys Ki are different from K and from each other.
  • 7. Cont.. • All rounds have the same structure. A substitution is performed on the left half of the data. • This is done by applying a round function F to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data. • The round function has the same general structure for each round but is parameterized by the round subkey .
  • 8. Fiestel Decryption • Use the ciphertext as input to the algorithm, but use the subkeys in reverse order. • That is, use Kn in the first round, Kn-1 in the second round, and so on, until K1 is used in the last round. • We need not implement two different algorithms; one for encryption and one for decryption.
  • 9. Feistel network depends on the choice of the following parameters and design • Block size: Larger block sizes mean greater security but, reduced encryption/decryption speed for a given algorithm. Traditionally, a block size of 64 bits has been considered. • Key size: Larger key size means greater security but may decrease encryption/ decryption speed. The greater security is achieved by greater resistance to brute-force attacks. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
  • 10. Cont… • Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds. • Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis. • Round function F: Greater complexity generally means greater resistance to cryptanalysis.
  • 11. Modes Of Operation To apply a block cipher in a variety of applications, five modes of operation have been defined: 1. Electronic Code Book Mode 2. Cipher Block Chaining Mode 3. Cipher Feedback Mode 4. Output Feedback Mode 5. Counter Mode
  • 12. 1. Electronic Code Book Mode • The simplest mode is the electronic codebook (ECB) mode, in which plaintext is handled one block at a time and each block of plaintext is encrypted using the same key.
  • 13. 2. Cipher Block Chaining • In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block • Same key is used for each block. • To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext. • On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. • The IV is a data block that is that same size as the cipher block.
  • 14. Note: In both Encryption and Decryption Cipher block is chained.
  • 15. 3. Cipher Feedback Mode • The input to the encryption function is a s-bit shift register that is initially set to some initialization vector (IV). • The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext to produce the first unit of ciphertext , which is then transmitted. • The contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. • This process continues until all plaintext units have been encrypted.
  • 16. Note: • Not the plaintext but, output of the shift register is Encrypted using the Key • Common value of s=8
  • 17. • For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. • Note that it is the encryption function that is used, not the decryption function.
  • 19. 4. Output Feedback Mode • The output feedback (OFB) mode is similar in structure to that of CFB. • The output of the encryption function is fed back to the shift register in OFB. • OFB mode operates on full blocks of plaintext and ciphertext.
  • 21. Cont.. • OFB mode requires an initialization vector. • Nonce: unique to each execution of the encryption operation. • Advanatge: bit errors in transmission do not propagate. • Disadvantage: more vulnerable to a message stream modification attack.
  • 22. 5. Counter Mode • A counter equal to the plaintext block size is used. • Counter value must be different for each plaintext block. • It is initialized to some value and then incremented by 1 for each subsequent block. • For encryption, the counter is encrypted and then XORed with the plaintext block to produce the ciphertext block. • There is no chaining. • For decryption, the same sequence of counter values is used, with each encrypted counter XORed with a ciphertext block to recover the corresponding plaintext block.
  • 23. Note: T denotes Counters
  • 25. DES – Data Encryption Standard • The most widely used encryption scheme is based on the Data Encryption Standard (DES) adopted in 1977 by the National Bureau of Standards. • Data are encrypted in 64-bit blocks using a 56-bit key. • The algorithm transforms 64-bit input in a series of steps into a 64-bit output. • The same steps, with the same key, are used to reverse the encryption(ie; decryption) • Uses Feistel Structure principles.
  • 27. Cont. • There are two inputs to the encryption function: • the plaintext to be encrypted • the key. • The plaintext must be 64 bits in length and the key is 56 bits in length. (Actually, the function expects a 64-bit key as input. However, only 56 of these bits are ever used; the other 8 bits can be used as parity bits or simply set arbitrarily.)
  • 28. Cont. • The left-hand side of the figure shows the processing of the plaintext. • First, the 64-bit plaintext passes through an initial permutation (IP) that rearranges the bits to produce the permuted input. • This is followed by a phase consisting of sixteen rounds of the same function, which involves both permutation and substitution functions. • The output of the last (sixteenth) round consists of 64 bits that are a function of the input plaintext and the key. • The left and right halves of the output are swapped to produce the preoutput. • Finally, the preoutput is passed through a permutation that is the inverse of the initial permutation function, to produce the 64-bit ciphertext.
  • 29. Cont. • The right-hand portion of the figure shows the way in which the 56-bit key is used. • Initially, the key is passed through a permutation function. • Then, for each of the sixteen rounds, a subkey (Ki) is produced by the combination of a left circular shift and a permutation. • The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits.
  • 31. Cont. • The left and right halves of each 64-bit input are treated as separate 32-bit quantities, L (left) and R (right). • The round key is 48 bits. • The input is 32 bits. • This input is first expanded to 48 bits. • This is XORed with Ki. • This 48-bit result passes through a substitution function that produces a 32-bit output. • This is permuted again.
  • 32. Cont. • The role of the S-boxes in the function F is illustrated in the figure. • The substitution consists of a set of eight S-boxes, each of which accepts 6 bits as input and produces 4 bits as output.
  • 33. Cont. • Key Generation • A 64-bit key is used as input to the algorithm. • The key is first subjected to a permutation. • The resulting 56-bit key is then treated as two 28-bit quantities, labeled C0 and D0. • At each round, Ci-1 and Di-1 are separately subjected to a circular left shift. • These shifted values serve as input to the next round. • They also serve as input to the part labeled Permuted Choice Two which produces a 48-bit output that serves as input to the function F(R,K). • DES Decryption • As with any Feistel cipher, decryption uses the same algorithm as encryption, except that the application of the subkeys is reversed.
  • 34. AES – Advanced Encryption Standard • Strongest encryption algorithm. • Symmetric key block cipher. • Block size is 128 bits (plaintext and ciphertext). • Rounds and no. of bits in key: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, 14 rounds for a 256-bit key.
  • 35. Cont. • Input is in the form of 4x4 matrix • ie; 16 bytes = 128 bits
  • 36. Cont. • No. of keys = No. of rounds + 1 • State: a 4x4 matrix that stores intermediate results • Each round has four different stages • Substitute bytes: Uses an S-box to perform a byte-by-byte substitution of the block • ShiftRows: A simple permutation • MixColumns: A substitution that makes use of arithmetic over • AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key • The last round has only 3 stages; MixColumns is not in the nth round.
  • 37. Cont. • Substitution Bytes: • Also called SubBytes. • Is a simple table lookup. • Each individual byte of State is mapped into a new byte.
  • 38. Cont. • Shift Rows Transformation • Row 1: 0 or no shift • Row 2: 1 byte shift • Row 3: 2 byte shift • Row 4: 3 byte shift
  • 39. Cont. • MixColumns • A constant matrix of size 4x4 is used. • Each word (column) is taken and multiplied with the constant 4x4 matrix. • The product word is placed in the corresponding position of the output matrix. • This stage is not performed in the last round.
  • 40. Cont. • Add Round Key • 128 bits of State are bitwise XORed with the 128 bits of the round key. • AES Decryption : It is the reverse of Encryption process. • Key is used in reverse order.
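The ShiftRows, MixColumns and AddRoundKey stages described above, as an added example that is not part of the original slides. The constant matrix and the GF(2^8) reduction polynomial are taken from the AES specification (FIPS 197), not from the slides; SubBytes is left out because its 256-entry table is not given on the page, and the helper names are assumptions.

```python
def to_state(block):
    # 16 input bytes fill the 4x4 State column by column: state[row][col]
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def shift_rows(s):
    # Row r is rotated left by r bytes (the slide's "Row 1" is r = 0).
    return [row[r:] + row[:r] for r, row in enumerate(s)]

def xtime(a):
    # Multiply by 2 in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B).
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    # GF(2^8) product by shift-and-add, where "add" is XOR.
    product = 0
    while b:
        if b & 1:
            product ^= a
        a, b = xtime(a), b >> 1
    return product

# The constant 4x4 MixColumns matrix from FIPS 197.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_columns(s):
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):                 # each column is one word
        for r in range(4):
            for k in range(4):
                out[r][c] ^= gmul(MIX[r][k], s[k][c])
    return out

def add_round_key(s, round_key):
    # Bitwise XOR of State with the round key; applying it twice undoes it.
    return [[a ^ b for a, b in zip(rs, rk)] for rs, rk in zip(s, round_key)]

def round_without_subbytes(s, round_key, last=False):
    s = shift_rows(s)
    if not last:                       # the final round skips MixColumns
        s = mix_columns(s)
    return add_round_key(s, round_key)
```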
  • 41. MULTIPLE ENCRYPTION AND TRIPLE DES • Considering the vulnerabilities in DES, there has been considerable interest in finding an alternative. • One approach is to design a completely new algorithm, of which AES is a prime example. • Another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryption with DES and multiple keys.
  • 42. Double DES • The simplest form of multiple encryption has two encryption stages and two keys. • Given a plaintext and two encryption keys, ciphertext is generated as: C = E(K2, E(K1, P)) • Decryption requires that the keys be applied in reverse order: P = D(K1, D(K2, C)) • But this is vulnerable to a meet-in-the-middle attack.
  • 43. Triple DES with Two Keys • It’s a triple encryption method that uses only two keys. • The function follows an encrypt-decrypt-encrypt (EDE) sequence. • C = E(K1, D(K2, E(K1, P))) • P = D(K1, E(K2, D(K1, C))). • 3DES with two keys is a relatively popular alternative to DES
  • 44. PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS • Asymmetric algorithms rely on one key for encryption and a different but related key for decryption. • It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
  • 46. A public-key encryption scheme has 5 ingredients • Plaintext: This is the readable message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. • Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input. • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
  • 47. Steps: 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others. 3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
  • 48. Ensuring secrecy/confidentiality in public key cryptography • Encryption : using public key • Decryption : using private key • How? • As receiver decrypts the cipher text using his private key, only the authorized receiver can do the decryption.
  • 49. Ensuring authentication in public key cryptography • Encryption : using private key • Decryption : using public key • How? • As the sender encrypts the plaintext using his private key, at the receiver end it can be assured that the cipher text comes from that particular sender. • The entire message serves as a digital signature of the sender.
  • 50. Ensuring both confidentiality and authentication in public key cryptography
  • 51. RSA [Rivest-Shamir-Adleman] • The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and n - 1 for some n. • Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C. • Public Key: (e,n) • Private Key: (d,n)
  • 52. Steps: 1. Select two prime numbers, p and q. 2. Calculate n = pq. 3. Calculate φ(n) = (p - 1)(q - 1). 4. Select e such that e is relatively prime to φ(n) and less than φ(n). 5. Determine d such that de ≡ 1 mod φ(n), i.e. de mod φ(n) = 1.
  • 53. RSA Example • Choose p = 3 and q = 11 • Compute n = p * q = 3 * 11 = 33 • Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20 • Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 3 • Compute a value for d such that (d * e) % φ(n) = 1. One solution is d = 7 • Public key is (e, n) => (3, 33) • Private key is (d, n) => (7, 33)
  • 54. M = 19 • Encryption: Cipher text, C = M^e mod n = 19^3 mod 33 = 6859 mod 33 = 28 • Decryption: M = C^d mod n = 28^7 mod 33 = (28^2 * 28^2 * 28^2 * 28^1) mod 33 = (25 * 25 * 25 * 28) mod 33 = 437500 mod 33 = 19 = M
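The RSA steps and the p = 3, q = 11 example above, carried through in code as an added example that is not part of the original slides. Function names are assumptions; d is found with the extended Euclidean algorithm and the exponentiation uses square-and-multiply, the general form of the slide's 28^2 * 28^2 * 28^2 * 28^1 split.

```python
from math import gcd

def egcd(a, b):
    # Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b).
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    n, phi = p * q, (p - 1) * (q - 1)
    # Step 4: e must be less than phi(n) and relatively prime to it.
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    _, x, _ = egcd(e, phi)
    d = x % phi                      # step 5: d*e mod phi(n) == 1
    return (e, n), (d, n)

def modexp(base, exponent, n):
    # Square-and-multiply: scan the exponent's bits from the low end.
    result, base = 1, base % n
    while exponent:
        if exponent & 1:
            result = result * base % n
        base = base * base % n
        exponent >>= 1
    return result

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:               # blocks are integers between 0 and n - 1
        raise ValueError("plaintext block must be in 0..n-1")
    return modexp(m, e, n)

def decrypt(c, private_key):
    d, n = private_key
    return modexp(c, d, n)
```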
  • 55. Key Management • There are 2 distinct aspects to the use of public keys: • The distribution of public keys • The use of public-key encryption to distribute secret keys
  • 56. Distribution of Public Keys • Several techniques have been proposed for the distribution of public keys: 1. Public Announcement 2. Publicly available directory 3. Public-key authority 4. Public-key certificates
  • 57. 1. Public Announcement of Public Keys • Point of public-key encryption should be that the public key is public. • Any party can send his or her public key to any other participant or broadcast the key to the community at large. • Disadvantage is that anyone can forge such a public announcement.
  • 58. 2. Public Key Directory • Directory entries (name and public key): Alice 011101011101; Bob 0011000101001; Bimal 0001111100110; … • If the directory is made available to everybody, an attacker can change the values, which will disturb the entire system. • Solution: Hire a trusted authority responsible for maintaining this file. • A bottleneck problem at the authority happens.
  • 59. 3. Public Key Authority • Each participant knows a public key for the authority, with only the authority knowing the corresponding private key. • This may cause a bottleneck in the system, because every user will be trying to contact the authority.
  • 60. 4. Public Key Certificates • Another approach is to use certificates that can be used by participants to exchange keys without contacting a public-key authority. • Each participant will get a certificate made ready by the authority. • Each certificate will have the id of the user, a timestamp, and the public key of the user along with the authority's signature. • So, when 2 parties have to communicate, they send their certificates to each other.
  • 61. Diffie Hellman Key Exchange Algorithm • Not an encryption algorithm • Used to exchange secret/symmetric key. • Done using Asymmetric Encryption
  • 62. Steps: 1. Select a prime number q. 2. Select a number α such that α < q and α is a primitive root of q [if α mod p, α^2 mod p, α^3 mod p, …, α^(p-1) mod p give the answers 1, 2, 3, …, p-1, we call α a primitive root of p]. 3. Assume XA: private key of user A, XA < q. 4. Calculate YA: public key of user A, YA = α^XA mod q. 5. Assume XB: private key of user B, XB < q. 6. Calculate YB: public key of user B, YB = α^XB mod q. 7. Calculation of secret key at SENDER (A) side: K = (YB)^XA mod q. 8. Calculation of secret key at RECEIVER (B) side: K = (YA)^XB mod q. [After calculation these K must be equal; then we say the key exchange happened successfully.]
  • 64. Example: q = 11 • 1. q = 11 • 2. α = ? • Steps to find a primitive root: n = 11 • φ(n) = n - 1 = 10 • Find the prime factors of 10: 2 and 5 (10 = 2 × 5) • Take numbers s = 2, 3, 4, …, 10 (n-1) • Calculate s^[prime factor] mod n for each prime factor. • Take s = 2: first prime factor: 2^2 mod 11 = 4; second prime factor: 2^5 mod 11 = 10 • As none of the answers is 1, 2 is a primitive root of 11. • Select α = 2
  • 65. Cont. 3. XA = 8 4. YA = 2^8 mod 11 = 3 5. XB = 4 6. YB = 2^4 mod 11 = 5 7. K at SENDER side = 5^8 mod 11 = 4 8. K at RECEIVER side = 3^4 mod 11 = 4
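The primitive-root search and the q = 11 exchange above, as an added example that is not part of the original slides. Function names are assumptions; the primitive-root check raises the candidate to (q - 1)/p for each prime factor p of q - 1, which for q = 11 gives the same exponents 5 and 2 that the slide computes.

```python
def prime_factors(m):
    # Distinct prime factors by trial division (fine for classroom sizes).
    factors, p = set(), 2
    while p * p <= m:
        while m % p == 0:
            factors.add(p)
            m //= p
        p += 1
    if m > 1:
        factors.add(m)
    return factors

def is_primitive_root(a, q):
    # q must be prime. a is a primitive root of q exactly when
    # a^((q-1)/p) mod q != 1 for every prime factor p of q - 1.
    return all(pow(a, (q - 1) // p, q) != 1 for p in prime_factors(q - 1))

def primitive_roots(q):
    return [a for a in range(2, q) if is_primitive_root(a, q)]

def public_value(alpha, x, q):
    if not 0 < x < q:
        raise ValueError("private key must satisfy 0 < X < q")
    return pow(alpha, x, q)          # Y = alpha^X mod q

def shared_key(y_other, x_own, q):
    return pow(y_other, x_own, q)    # K = (Y_other)^X_own mod q

def exchange(q, alpha, xa, xb):
    if not is_primitive_root(alpha, q):
        raise ValueError("alpha is not a primitive root of q")
    ya, yb = public_value(alpha, xa, q), public_value(alpha, xb, q)
    ka = shared_key(yb, xa, q)       # computed by A from B's public value
    kb = shared_key(ya, xb, q)       # computed by B from A's public value
    return ya, yb, ka, kb
```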
  • 66. Elliptic Curve Arithmetic • The principal attraction of ECC, compared to RSA, is that it appears to offer equal security for a far smaller key size, thereby reducing processing overhead. • Disadvantage: Hardware Complexity
  • 67. Cont. • ECC uses an operation over elliptic curves called addition. • Multiplication is defined by repeated addition: a*k = a + a + a + … + a (k times). • A cryptanalyst finds it difficult to find this k even if he knows a and a*k. • y = f(x): it's an easy task. • But x = f^-1(y): it's a difficult task. • Finding x becomes easy if an additional value is given; it is called the trap door value. • This is called the discrete logarithm problem for elliptic curves.
  • 68. Abelian group • An Abelian group G, sometimes denoted by {G,*}, is a set of elements with a binary operation, denoted by *, that associates to each ordered pair (a,b) of elements in G an element (a*b) in G, such that the following axioms are obeyed: (A1) Closure: If a and b belong to G, then a*b is also in G (A2) Associative: a*(b*c) = (a*b)*c for all a, b, c in G (A3) Identity element: There is an element e in G such that a*e = e*a = a for all a in G (A4) Inverse element: For each a in G there is an element a’ in G such that a*a’ = a’*a = e (A5) Commutative: a*b = b*a for all a, b in G
  • 69. Elliptic Curve over Real Numbers • Weierstrass equation: y^2 + axy + by = x^3 + cx^2 + dx + e, where a, b, c, d, e are real numbers. • For our purpose, it is sufficient to limit ourselves to equations of the form: y^2 = x^3 + ax + b • Curve is symmetric to x=0 • If we draw a line it will touch 3 points in the curve.
  • 70. Elliptic Curve Cryptography • Key Exchange using ECC • ECC Encryption and Decryption
  • 71. Key Exchange using ECC • A key exchange between users A and B can be accomplished as follows:
  • 73. ECC Encryption • Let the plain text be M. • It is first converted into a point on the elliptic curve: M → Pm • Choose a random positive integer k. • Cipher point: Cm = (kG, Pm + kPB), where PB is the public key of B.
  • 74. ECC Decryption • Multiply the first point of Cm by the receiver's private key: kG × nB • Subtract it from the second point of Cm: Pm + kPB – kG × nB = Pm + kPB – kPB (substitute PB = nB × G) = Pm