Unit 3 Cryptography PDF

Unit 3 ◤ ◤ Classes of Cryptographic Algorithms ▪ Cryptographic algorithms can be categorized into three classes. This categorization is defined on basis of the number of cryptographic keys that are required for the algorithm. ▪ Hash Functions ▪ Symmetric-Key Algorithms ▪ Asymmetric-Key Algorithms ◤ Hash function ◤ ◤ ◤ ◤ ◤ ◤ Cont.. ▪ Hash Functions ▪ Hash functions, also called message digests, use a fixed length hash value to transform the data that makes it difficult for someone to decrypt or change the data without affecting the hash value, thus securing the data from intruders. ▪ Hash functions are the building blocks for modern cryptography. ▪ The data output of the hash algorithm is called hash value or digest. The basic operation of hash functions does not need any key and operate in a one-way manner. ▪ The one-way operation means that it is impossible to compute the input from a particular output. The basic uses of hash functions are: ◤ Cont.. ▪ Hashing is used in some of the implementation of digital signatures ▪ Hashing functions are used for securing the integrity of the message by appending the message with the hash value. If the message is changed, the hash value when recomputed will not match the pre-computed hash value In order to avoid man-in- the middle attacks, it is ideal to send the hash value in a secure way to the intended party. ▪ Hash value is used to store passwords of the operating systems like Microsoft Windows. Here, the original passwords are not stored; instead the SAM corresponding hash values are stored. These provide high security to the passwords, as hash value is not reversible to find out the original password. ◤ ▪ MD5 (Message Digest Function 5), ▪ SHA1 (Secure Hash Algorithm 1), ▪ SHA2 (Secure Hash Algorithm 2), and ▪ SHA3 (Secure Hash Algorithm 3) are the popular hashing functions /algorithms. ▪ MAC (Message Authentication Code) is another popular hash function which is also known as a Keyed Hash Function. ◤ Symmetric algorithm ▪ There are two types of symmetric encryption algorithms: ▪ Block algorithms: Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks. ▪ Stream algorithms: Data is encrypted as it streams instead of being retained in the system’s memory. ◤ Some examples of symmetric encryption algorithms include: ▪ AES (Advanced Encryption Standard) ▪ DES (Data Encryption Standard) ▪ IDEA (International Data Encryption Algorithm) ▪ Blowfish (Drop-in replacement for DES or IDEA) ▪ RC4 (Rivest Cipher 4) ▪ RC5 (Rivest Cipher 5) ▪ RC6 (Rivest Cipher 6) ▪ AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. ▪ RC4 is stream cipher. ◤ Block Cipher ▪ Block Cipher takes a message and break it into a fixed size of blocks and converts one block of the message at an instant. ▪ For example, we have a message in plain text “STREET_BY_STREET” required to be encrypted. Using bock cipher, “STREET” must be encrypted at first, followed by “_BY_” and finally at last “STREET”. ▪ In actual practice, communication takes place only in bits. ▪ Therefore, STREET actually means the binary equivalent of ASCII character of STREET. ◤ Cont.. ▪ Subsequently, any algorithm encrypts these; the resultant bits are transformed back into their ASCII equivalent. ▪ An evident problem regarding the usage of Block ciphers is repeating text, for which the same cipher is generated. ▪ Hence, it would give a hint to the cryptanalyst which makes it is easier to figure out the recurring strings of plain text. ▪ As a result, it can reveal the whole message. ◤ Cont.. ▪ To overcome from this problem the chaining mode is used. ▪ In this technique, the preceding block of cipher text is mixed with the current block, so as to the cipher text , this avoids the recurring patterns of blocks with the same content. ◤ Stream Cipher ▪ Stream Cipher typically encrypts one byte of the message at that moment instead of using blocks. ▪ Let’s take an example, suppose the original message (plain text) is “blue sky” in ASCII (i.e. text format). ▪ When you convert these ASCII into equivalent binary values, it will give the output in 0’s and 1’s form. Let it be translated in 010111001. ◤ ◤ Cont.. ◤ Cont.. ▪ For encryption and decryption, a pseudorandom bit generator is used in which a key and plain text are loaded. ▪ A pseudorandom bit generator creates a stream of 8-bit numbers that are seemingly random known as keystream. ▪ Let the input key is 100101011. Now the key and plaintext are XORed. The XOR logic is simple to understand. ▪ XOR produces an output of 1 when one input is 0, and the other is 1. ▪ The output is 0 if either both the inputs are 0 or both the inputs are 1. Difference ◤ ◤ Confusion Diffusion ▪ Confusion is a method which guarantees that a cipher text gives no clue about the original plain text. ▪ Diffusion is a strategy used to enhance the redundancy of the plain text by spreading it across rows and columns. ▪ Diagram : https://www.google.com/search? q=confusion+and+diffusion+in+cryptography&rlz=1C1JJTC_enI N960IN960&source=lnms&tbm=isch&sa=X&ved=2ahUKEwjsn8 a6wMbzAhUjyjgGHRdEDSYQ_AUoAnoECAEQBA&biw=1024&b ih=600&dpr=1#imgrc=oz0Iiq02j6iIKM ◤ Confusion Diffusion https://i0.wp.com/wentzwu.com/wp-content/uploads/2019/09/confusion-and-diffusion-1.jpg?resize=584%2C329&ssl=1 ◤ Block Cipher Modes of Operations ▪ To apply a block cipher in a variety of applications, five "modes of operation" have been defined. ▪ The five modes are intended to cover a wide variety of applications of encryption for which a block cipher could be used. ▪ These modes are intended for use with any symmetric block cipher, including triple DES and AES. 1. Electronic Code Book (ECB) 2. Cipher Block Chaining (CBC) 3. Cipher Feedback (CFB) 4. Output Feedback (OFB) 5. Counter (CTR) ◤ 1. Electronic Code Book (ECB) ▪ In ECB Mode Plaintext handled one block at a time and each block of plaintext is encrypted using the same key. ▪ The term codebook is used because, for a given key, there is a unique ciphertext for every b-bit block of plaintext. ◤ P1 1. ECB Encryption P2 & Decryption PN 64-bit 64-bit 64-bit K K K Encrypt Encrypt … Encrypt 64-bit 64-bit 64-bit C1 C2 CN C1 C2 CN 64-bit 64-bit 64-bit K Decrypt K Decrypt … K Decrypt 64-bit 64-bit 64-bit P1 P2 PN ◤ Electronic Code Book - Cont… ▪ Strength: it’s simple. ▪ Weakness: o Repetitive information contained in the plaintext may show in the ciphertext, if aligned with blocks. o If the message has repetitive elements with a period of repetition a multiple of b bits, then these elements can be identified by the analyst. ▪ Typical application: o Secure transmission of short pieces of information (e.g. a temporary encryption key) ◤ 2. Cipher Block Chaining (CBC) ▪ CBC is a technique in which the same plaintext block, if repeated, produces different ciphertext blocks. ▪ In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is used for each block. ▪ To produce the first block of ciphertext, an initialization vector (IV) is XORed with the first block of plaintext. ▪ On decryption, the IV is XORed with the output of the decryption algorithm to recover the first block of plaintext. 2. CBC - Encryption & Decryption P1 P2 PN IV CN- K K … K 1 Encrypt Encrypt Encrypt C1 C2 CN C1 C2 CN K … K K Decrypt Decrypt Decrypt IV CN- 1 P1 P2 PN ◤ 2. Cipher Block Chaining (CBC) – Cont… ▪ Strength: because of the chaining mechanism of CBC, it is an appropriate mode for encrypting messages of length greater than b bits ▪ Typical application: o General-purpose block oriented transmission o Authentication ◤ 3. Cipher Feedback Mode (CFB) ▪ For AES, DES, or any block cipher, encryption is performed on a block of b bits. In DES, b = 64 and in AES, b = 128. ▪ However, it is possible to convert a block cipher into a stream cipher, using cipher feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode. ▪ A stream cipher eliminates the need to pad a message to be an integral number of blocks. 3. CFB Encryption CN- Shift register b-s bits | Shift register b- IV s bits 1 s bits | s bits K K K Encrypt Encrypt Encrypt Select s bits Discard b-s bits Select s Discard bits b-s bits … Select s bits Discard b-s bits S bits S bits S bits P1 P2 PN C1 C2 CN S bits S bits S bits 3. CFB Decryption CN- Shift Shift IV register b-s 1 register b-s bits | s bits bits | s bits K K K Encrypt Encrypt Encrypt Selec Discar ts d b-s Selec Discar ts d b-s … Selec Discar ts d b-s bits bits bits bits bits bits C1 C2 CN S bits S bits S bits P1 P2 PN S bits S bits S bits ◤ CFB Mode ▪ The input to the encryption function is a b-bit shift register that is initially set to some initialization vector (IV). ▪ The leftmost (most significant) s bits of the output of the encryption function are XORed with the first segment of plaintext P1 to produce the first unit of ciphertext C1 , which is then transmitted. ▪ In addition, the contents of the shift register are shifted left by s bits, and C1 is placed in the rightmost (least significant) s bits of the shift register. ▪ For decryption, the same scheme is used, except that the received ciphertext unit is XORed with the output of the encryption function to produce the plaintext unit. ◤ 4. Output Feedback Mode (OFB) ▪ The output feedback (OFB) mode is similar in structure to that of CFB. ▪ For OFB, the output of the encryption function is fed back to become the input for encrypting the next block of plaintext. ▪ In CFB, the output of the XOR unit is fed back to become input for encrypting the next block. ▪ The other difference is that the OFB mode operates on full blocks of plaintext and ciphertext, whereas CFB operates on an s-bit subset. ▪ Nonce: A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these. 4. OFB Encryption Nonce K K K Encrypt Encrypt … Encrypt P1 P2 PN C1 C2 CN 4. OFB Decryption Nonc e K K K Encrypt Encrypt … Encrypt C1 C2 CN P1 P2 PN ◤ OFB Mode ▪ Each bit in the ciphertext is independent of the previous bit or bits. ▪ This avoids error propagation ▪ Pre-compute of forward cipher is possible ◤ 5. Counter Mode (CTR) ▪ Counter (CTR) mode has increased recently with applications to ATM (asynchronous transfer mode) network security and IP sec (IP security). ▪ A counter equal to the plaintext block size is used. ▪ The counter value must be different for each plaintext block that is encrypted. ▪ Typically, the counter is initialized to some value and then incremented by 1 for each subsequent block 5. CTR Encryption Counter 1 Counter 2 Counter N K K K Encrypt Encrypt … Encrypt P1 P2 PN C1 C2 CN 5. CTR Decryption Counter Counter Counter 1 2 N K K K Encrypt Encrypt … Encrypt C1 C2 CN P1 P2 PN ◤ Advantages of the CTR Mode ▪ Strengths: o Needs only the encryption algorithm o Random access to encrypted data blocks o blocks can be processed (encrypted or decrypted) in parallel o Simple; fast encryption/decryption ▪ Counter must be o Must be unknown and unpredictable o pseudo-randomness in the key stream is a goal ◤ Feistel Cipher Structure ▪ Feistel Cipher is not a specific scheme of block cipher. ▪ It is a design model from which many different block ciphers are derived. DES is just one example of a Feistel Cipher. ▪ A cryptographic system based on Feistel cipher structure uses the same algorithm for both encryption and decryption. ◤ Cont..Encryption Process ▪ The encryption process uses the Feistel structure consisting multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step. ▪ Feistel Structure is shown in the following illustration − ◤ ◤ ◤ Cont.. ◤ Cont.. ▪ The input block to each round is divided into two halves that can be denoted as L and R for the left half and the right half. ▪ In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an operation that depends on R and the encryption key. ▪ First, we apply an encrypting function ‘f’ that takes two input − the key K and R. The function produces the output f(R,K). Then, we XOR the output of the mathematical function with L. ▪ In real implementation of the Feistel Cipher, such as DES, instead of using the whole encryption key during each round, a round- dependent key (a subkey) is derived from the encryption key. ▪ This means that each round uses a different key, although all these subkeys are related to the original key. ◤ Cont.. ▪ The permutation step at the end of each round swaps the modified L and unmodified R. Therefore, the L for the next round would be R of the current round. And R for the next round be the output L of the current round. ▪ Above substitution and permutation steps form a ‘round’. The number of rounds are specified by the algorithm design. ▪ Once the last round is completed then the two sub blocks, ‘R’ and ‘L’ are concatenated in this order to form the ciphertext block. ▪ The difficult part of designing a Feistel Cipher is selection of round function ‘f’. ▪ In order to be unbreakable scheme, this function needs to have several important properties that are beyond the scope of our discussion. ◤ Cont.. Decryption Process ▪ The process of decryption in Feistel cipher is almost similar. Instead of starting with a block of plaintext, the ciphertext block is fed into the start of the Feistel structure and then the process thereafter is exactly the same as described in the given illustration. ▪ The process is said to be almost similar and not exactly same. In the case of decryption, the only difference is that the subkeys used in encryption are used in the reverse order. ▪ The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If these are not swapped then the resulting ciphertext could not be decrypted using the same algorithm. ◤ Cont.. ▪ Block size : Larger block size provides more security. ▪ Key size: Larger keysize gives more security but it mat decrease speed of encryption and decryption ▪ No. round : More round gives more security. ▪ Function : More complex function will give more security against hacking. ◤ DES(Data Encryption Standard) ▪ It is the algorithm which is use the concept of symmetric key encryption. ▪ The Data Encryption Standard (DES) is a symmetric-key block cipher published by the National Institute of Standards and Technology (NIST). ◤ Overview of algorithm ▪ It uses feistel structure for encryption and decryption process. ▪ Type: Block Cipher ▪ Size of Plain Text each block: 64 bits ▪ No. of rounds: 16 ▪ Key Size : 64 bit then converted into 56 bit and then 48 bit subkey ▪ Each round must have separated key generated from 64 bit key. ▪ No. of sub key : 16 ▪ Each subkey size: 48 bits ▪ Size of cipher text: 64 bits ◤ Basic block diagram ◤ ◤ Cont.. Round Function ◤ Table use for calculation ◤ Cont.. Expansion of P-Box ◤ Role of S-box ◤ Working of s-box ▪ The outer two bits of each group select one row of an S-box. ▪ Inner four bits selects one column of an S-box. ▪ Total 8 S-box are used for generating 32 bit out put from 48 bit input from expansion operation. ▪ 2 bits are used for rows means 4 possibilities, so row for each S-box are 4. ▪ 4 bits are used for column means 16 possibilities , So column for each s-box are 16. ◤ Example of s-box ◤ Key operation ◤ Cont.. ◤ Avalanche Effect ▪ Desirable property of any encryption algorithm is that a change in one bit of the plaintext or of the key should produce a change in many bits of cipher text. ▪ DES performs strong avalanche effect. ▪ Although the two plaintext blocks differ only in the rightmost bit, the ciphertext blocks differ in 29 bits. ▪ This means that changing approximately 1.5 % of the plaintext creates a change of approximately 45 % in the ciphertext.

Unit 3 Cryptography PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue