cryptographyandnetworksecu-module-1.pptx

rekhac1976 28 views 34 slides Jul 19, 2024

About This Presentation

cryptography first module


Slide Content

Classical Encryption Techniques
Cryptography is the science of disguising messages so that only the intended recipient can decipher the received message. Cryptography is essential for data security: besides providing message confidentiality, it also helps in providing message integrity, authentication, and digital signatures.
• The original message or document to be transferred is called plaintext.
• The encrypted form of the plaintext is called ciphertext.
• The process of converting the original plaintext to ciphertext is called encryption.
• The process of recovering the original plaintext from the ciphertext is called decryption.

Encryption involves the use of an encryption function or algorithm, denoted by E, and an encryption key, e. Decryption involves the use of a decryption function, denoted by D, and a decryption key, d. These operations are summarized below.
$c = E_e(p)$
$p = D_d(c)$
Here, p denotes a block of plaintext. It is encrypted by the sender to produce ciphertext, denoted by c. The decryption operation is performed by the receiver on the ciphertext to recover the plaintext.

Symmetric Cipher Model
There are two requirements for secure use of conventional encryption:
• A strong encryption algorithm
• Sender and receiver must have obtained copies of the secret key

Cryptography
Cryptographic systems are characterized along three independent dimensions:
• The type of operations used for transforming plaintext to ciphertext. All encryption algorithms are based on two general principles:
  • Substitution – each element in the plaintext is mapped into another element
  • Transposition – elements in the plaintext are rearranged
• The number of keys used:
  • Symmetric key (single-key, secret-key or conventional encryption) – both sender and receiver use the same key
  • Asymmetric key (two-key or public-key encryption) – sender and receiver use different keys
• The way in which the plaintext is processed:
  • Block cipher – processes the input one block of elements at a time and produces an output block of the same size
  • Stream cipher – processes the input elements continuously, producing output one element at a time

Cryptanalysis and Brute-Force Attack
The objective of attacking an encryption system is to recover the key. There are two general approaches to attacking a conventional encryption algorithm:
• Cryptanalysis
• Brute-force attack

Cryptanalysis
• Depends on the algorithm and some knowledge of the plaintext or of plaintext-ciphertext pairs.
• There are various types of cryptanalytic attack, based on the information known to the cryptanalyst.
• During ciphertext-only attacks, the attacker has access only to a number of encrypted messages. He has no idea what the plaintext data or the secret key may be. The goal is to recover as many plaintext messages as possible or (preferably) to guess the secret key. After discovering the encryption key, it will be possible to break all the other messages which have been encrypted with this key.

Type of attack, and what is known to the cryptanalyst:
• Ciphertext only: encryption algorithm; ciphertext
• Known plaintext: encryption algorithm; ciphertext; one or more plaintext-ciphertext pairs formed with the secret key
• Chosen plaintext: encryption algorithm; ciphertext; plaintext message chosen by the cryptanalyst, together with its corresponding ciphertext generated with the secret key
• Chosen ciphertext: encryption algorithm; ciphertext; ciphertext chosen by the cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key
• Chosen text: encryption algorithm; ciphertext; plaintext message chosen by the cryptanalyst, together with its corresponding ciphertext generated with the secret key; ciphertext chosen by the cryptanalyst, together with its corresponding decrypted plaintext generated with the secret key

Brute-Force Attack
• The attacker tries every possible key on the ciphertext until the plaintext is obtained.
• On average, half of the possible keys must be tried to achieve success.
• If the original message is plaintext in English, it is easy to recognize the plaintext when the trial-and-error method is used to decrypt.
• If the text message is compressed before encryption, recognition is more difficult.

Substitution Techniques
• The two basic building blocks of encryption techniques are substitution and transposition.
• A substitution technique is one in which letters of plaintext are replaced by other letters or numbers or symbols:
  • Caesar cipher
  • Mono-alphabetic cipher
  • Playfair cipher
  • Hill cipher
  • Poly alphabetic cipher
  • One time pad

Caesar cipher
• The simplest substitution cipher is the Caesar cipher.
• It involves replacing each letter of the alphabet with the letter standing three places further down the alphabet.
• For example:
  plain:  hi everyone
  cipher: kl hyhubrqh
• The algorithm is expressed as: for each plaintext letter P, substitute the ciphertext letter C
  C = E(3,P) = (P+3) mod 26
  P = D(3,C) = (C-3) mod 26

Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: d e f g h i j k l m n o p q r s t u v w x y z a b c

Numerical equivalent of each letter:
Letter:  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
Number:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Monoalphabetic Ciphers
• A cipher in which letters of the plaintext are mapped to ciphertext letters based on a single alphabetic key.
• For example:
  Plain : H E L L O W O R L D
  Cipher: A I B B Z F Z Q B W
• Monoalphabetic ciphers are easy to break because they reflect the frequency data of the original alphabet.

Plain : a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: d h r w i k s a u c j b e o z l g q n p t m f y x v

Playfair cipher
• Best known multiple-letter encryption cipher
• It is based on a 5*5 matrix of letters constructed using a key
• Ex: key: MONARCHY

M   O   N   A   R
C   H   Y   B   D
E   F   G   I/J K
L   P   Q   S   T
U   V   W   X   Z

Plaintext is encrypted 2 letters at a time by applying the following rules:
• Repeating plaintext letters that are in the same pair are separated with a filler letter. Ex: balloon is replaced with ba lx lo on
• Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last. Ex: ar is encrypted as RM
• Two plaintext letters that fall in the same column are each replaced by the letter beneath, with the top element of the column circularly following the last. Ex: mu is encrypted as CM
• Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and the column occupied by the other plaintext letter. Ex: BP is replaced with IM
• If a letter is left alone in the process of pairing, then add an extra bogus letter to it. Ex: hel …… he lz

Ex: plaintext: instruments
    paired as: in st ru me nt sz
    ciphertext: GA TL MZ CL RQ TX
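The pairing and substitution rules above can be checked mechanically. The following Python sketch is an added example, not part of the original slides; the function names are illustrative, and the choice of fallback fillers ('q' for a doubled x, 'x' for a lone trailing z) is an assumption the slides do not cover.

```python
ALPHABET = "abcdefghiklmnopqrstuvwxyz"  # 25 letters: i and j share one cell

def build_square(key):
    """Return the 5x5 square as a 25-character string, row by row."""
    square = ""
    for ch in (key + ALPHABET).lower().replace("j", "i"):
        if ch in ALPHABET and ch not in square:
            square += ch
    return square

def make_pairs(plaintext):
    """Split into digrams: 'x' separates a doubled letter, 'z' pads a lone last letter."""
    letters = [c for c in plaintext.lower().replace("j", "i") if c in ALPHABET]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 == len(letters):            # lone final letter
            pairs.append(a + ("z" if a != "z" else "x"))   # assumed fallback filler
            i += 1
        elif letters[i + 1] == a:            # doubled letter inside a pair
            pairs.append(a + ("x" if a != "x" else "q"))   # assumed fallback filler
            i += 1
        else:
            pairs.append(a + letters[i + 1])
            i += 2
    return pairs

def transform(pairs, square, step):
    """Apply the three substitution rules; step=+1 encrypts, step=-1 decrypts."""
    out = []
    for a, b in pairs:
        ra, ca = divmod(square.index(a), 5)
        rb, cb = divmod(square.index(b), 5)
        if ra == rb:                         # same row: move along the row, wrapping
            ca, cb = (ca + step) % 5, (cb + step) % 5
        elif ca == cb:                       # same column: move along the column, wrapping
            ra, rb = (ra + step) % 5, (rb + step) % 5
        else:                                # rectangle: own row, the other letter's column
            ca, cb = cb, ca
        out.append(square[ra * 5 + ca] + square[rb * 5 + cb])
    return "".join(out)

def playfair_encrypt(plaintext, key):
    return transform(make_pairs(plaintext), build_square(key), +1).upper()

def playfair_decrypt(ciphertext, key):
    text = ciphertext.lower()
    pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    return transform(pairs, build_square(key), -1)

if __name__ == "__main__":
    print(playfair_encrypt("instruments", "monarchy"))   # GATLMZCLRQTX
```

Decryption returns the padded digram text (for example `instrumentsz`), so the receiver still has to drop filler letters by reading the result.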

Hill cipher
• It takes m successive plaintext letters and substitutes for them m ciphertext letters.
• The substitution is determined by m linear equations in which each character is assigned a numerical value (a=0, b=1, …, z=25).
• For m=3, the system can be described as:
  $c_1 = (k_{11}p_1 + k_{21}p_2 + k_{31}p_3) \bmod 26$
  $c_2 = (k_{12}p_1 + k_{22}p_2 + k_{32}p_3) \bmod 26$
  $c_3 = (k_{13}p_1 + k_{23}p_2 + k_{33}p_3) \bmod 26$
• This can be expressed in terms of row vectors and matrices:
  $(c_1\ c_2\ c_3) = (p_1\ p_2\ p_3) \begin{pmatrix} k_{11} & k_{12} & k_{13} \\ k_{21} & k_{22} & k_{23} \\ k_{31} & k_{32} & k_{33} \end{pmatrix} \bmod 26$, or $C = PK \bmod 26$
  $P = CK^{-1} \bmod 26$
  where C and P are row vectors of length 3 representing ciphertext and plaintext, and K is the encryption key (a 3*3 matrix).

Hill cipher
Ex: Plaintext: ACT (m=3). The key is ‘GYBNQKURP’, which in the form of an nxn matrix looks like below:
‘ACT’ is written in the form of the following vector:

Letter:  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z
Number:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

Hill cipher
The resulting enciphered vector will be:
This results in the ciphertext of ‘POH’.

Hill Cipher Decryption
The inverse of the matrix will be:

Hill cipher
Ciphertext ‘POH’, multiplying it with the inverse matrix gives:
The output vector gives back ‘ACT’.

Polyalphabetic cipher
Vigenere cipher: one of the simplest polyalphabetic ciphers
• Assume plaintext $P = P_0, P_1, P_2, \ldots, P_{n-1}$
  key $K = K_0, K_1, K_2, \ldots, K_{m-1}$ (m<n)
  ciphertext $C = C_0, C_1, C_2, \ldots, C_{n-1}$
• Then $C = E(K,P) = E[(K_0, K_1, K_2, \ldots, K_{m-1}), (P_0, P_1, P_2, \ldots, P_{n-1})]$
• The first letter of the key is added to the first letter of the plaintext mod 26. Then the second letter of the key is added to the second letter of the plaintext mod 26, and so on. For the next m letters of plaintext, the key is repeated, until all the plaintext is encrypted.

Ex: Plaintext: we are discovered save yourself
    key: deceptive

Plain :  22  4  0 17  4  3  8 18  2 14 21  4 17  4  3 18  0 21  4 24 ….
Key   :   3  4  2  4 15 19  8 21  4  3  4  2  4 15 19  8 21  4  3  4 ….
Cipher:  25  8  2 21 19 22 16 13  6 17 25  6 21 19 22  0 21 25  7  2 ….
          Z  I  C  V  T  W  Q  N  G  R  Z  G  V  T  W  A  V  Z  H  C ….

CIPHER - KEY = PLAINTEXT

Polyalphabetic cipher
VERNAM cipher
Ex: Plaintext: HELLO, key: NCBTA

ENCRYPTION:
Plain :   7  4 11 11 14
Key   :  13  2  1 19  0
Cipher:  20  6 12 30 14     (30 - 26 = 4)
          U  G  M  E  O

DECRYPTION:
Cipher:  20  6 12  4 14
Key   :  13  2  1 19  0
Plain :   7  4 11 -15 14    (-15 + 26 = 11)
          H  E  L  L  O

Polyalphabetic cipher
VERNAM cipher
Ex: Plaintext: HELLO, key: PLUTO
CIPHERTEXT: 24 9 25 24 0 (or hexadecimal 18, 9, 19, 18, 0)

ENCRYPTION:
PLAIN :  H 01001000   E 01000101   L 01001100   L 01001100   O 01001111
KEY   :  P 01010000   L 01001100   U 01010101   T 01010100   O 01001111
CIPHER:    00011000 (24) 00001001 (9) 00011001 (25) 00011000 (24) 00000000 (0)

DECRYPTION:
CIPHER:    00011000 (24) 00001001 (9) 00011001 (25) 00011000 (24) 00000000 (0)
KEY   :  P 01010000   L 01001100   U 01010101   T 01010100   O 01001111
PLAIN :  H 01001000   E 01000101   L 01001100   L 01001100   O 01001111

ONE TIME PAD
• It uses a random key that is as long as the message, so the key is not repeated.
• Each new message requires a new key of the same length, hence the name one time pad.
• Produces random output that has no statistical relationship to the plaintext.

ENCRYPTION:
Plain :   O  U  T  S  I  D  E
         14 20 19 18  8  3  4
OTP   :   W  E  I  U  F  G  W
         22  4  8 20  5  6 22
Sum   :  36 24 27 38 13  9 26
% 26  :  10 24  1 12 13  9  0
Cipher:   K  Y  B  M  N  J  A

DECRYPTION:
Cipher:   K  Y  B  M  N  J  A
         10 24  1 12 13  9  0
OTP   :   W  E  I  U  F  G  W
         22  4  8 20  5  6 22
Diff  : -12 20 -7 -8  8  3 -22    (add 26 for negative numbers)
         14 20 19 18  8  3  4
Plain :   O  U  T  S  I  D  E
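The Vigenere, Vernam and one-time-pad slides all use the same operation with different key material, which this added Python example (not part of the original slides; function names are illustrative) makes explicit by reproducing their worked examples. The bit-level Vernam example corresponds to XOR of the character codes, and the last function shows why a pad must never be used for a second message: the pad cancels out of the two ciphertexts.

```python
import secrets

A = ord("a")

def add_key(text, key, sign=+1):
    """Add (sign=+1) or subtract (sign=-1) the repeating key letters modulo 26."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    shifts = [ord(c) - A for c in key.lower()]
    return "".join(chr((ord(c) - A + sign * shifts[i % len(shifts)]) % 26 + A)
                   for i, c in enumerate(letters))

def xor_pad(data, pad):
    """Bitwise Vernam: XOR each byte with a pad byte; the same call decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

def new_pad(length):
    """A fresh pad from the operating system's CSPRNG, one per message."""
    return secrets.token_bytes(length)

def reused_pad_leak(msg1, msg2, pad):
    """XOR of two equal-length ciphertexts made with the SAME pad.

    The result equals msg1 XOR msg2, so it no longer depends on the pad at all.
    """
    return xor_pad(xor_pad(msg1, pad), xor_pad(msg2, pad))

if __name__ == "__main__":
    # Worked examples from the slides
    print(add_key("we are discovered save yourself", "deceptive").upper())
    print(add_key("HELLO", "NCBTA").upper())        # UGMEO
    print(add_key("OUTSIDE", "WEIUFGW").upper())    # KYBMNJA
    print(list(xor_pad(b"HELLO", b"PLUTO")))        # [24, 9, 25, 24, 0]
    # Constructed messages for the pad-reuse check
    pad = new_pad(5)
    print(reused_pad_leak(b"HELLO", b"WORLD", pad) == xor_pad(b"HELLO", b"WORLD"))
```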

Traditional Block Cipher structure
Stream cipher and Block cipher

• Block cipher: a type of encryption where the conversion of plaintext to ciphertext is performed by taking one block at a time.
  Stream cipher: a type of encryption where the conversion of plaintext is performed by taking 1 byte at a time.
• Block cipher: more bits get converted; specifically, 64 bits or more could get converted at a time.
  Stream cipher: 8 bits get converted at a time.
• Block cipher: uses both the confusion and diffusion principles for the conversion required for encryption.
  Stream cipher: uses only the confusion principle for conversion.
• Block cipher: the main implementation of a block cipher is the Feistel structure.
  Stream cipher: the implementation of a stream cipher is the Vernam cipher.
• Block cipher: uses the electronic code book [ECB] and cipher block chaining [CBC] algorithms.
  Stream cipher: uses the CFB (cipher feedback) and OFB (output feedback) algorithms.
• Block cipher: decryption is comparatively complex.
  Stream cipher: decryption is comparatively simple.

Traditional Block Cipher structure
Stream cipher and Block cipher
[Figure panels: Block cipher; Stream cipher]

Motivation for Feistel cipher structure
• A block cipher operates on n bits of plaintext to produce n bits of ciphertext
• For encryption to be reversible (decryption)
• Block size and key size:
  • If the block size is small, the system is vulnerable to statistical analysis of plaintext
  • If the block size is too large, statistical analysis is infeasible
• For an n-bit block cipher, the key size is $n \times 2^n$ bits
  • For a 2-bit block cipher, the key size is $2 \times 2^2$ bits = 2*4 = 8 bits
  • Similarly for 4 bits, the key size will be $4 \times 2^4$ bits = 2*8 = 16 bits

Feistel cipher structure
• Is an ideal block cipher by utilizing the concept of a product cipher, which is the execution of 2 or more simple ciphers in sequence such that the final result is cryptographically strong.
• The essence of the approach is to develop a block cipher with a key length of k bits and a block length of n bits, allowing a total of $2^k$ possible transformations.
• The Feistel structure uses 2 elements:
  • Substitution – each plaintext element is uniquely replaced by a corresponding ciphertext element
  • Permutation – a sequence of plaintext elements is replaced by a permutation of that sequence
• Two methods are used for a secure cipher:
  • Diffusion
  • Confusion

Diffusion
• Every block cipher involves a transformation of a block of plaintext into a block of ciphertext, where the transformation depends on the key.
• Used to make the statistical relationship between plaintext and ciphertext as complex as possible when an attacker tries to discover the key.
• If 1 bit is changed in the plaintext, many or all of the ciphertext bits will be changed.

Confusion
• Used to make the relationship between the statistics of the ciphertext and the value of the encryption key as complex as possible when an attacker tries to discover the key.
• If 1 bit is changed in the key, then all or most of the bits in the ciphertext will change.
• The relationship between ciphertext and key is masked.

Feistel cipher structure Encryption process

Feistel cipher structure Decryption process

Encryption process
• Inputs to the encryption algorithm are a plaintext block of 2w bits and a key K.
• The plaintext block is divided into 2 halves, $L_0$ and $R_0$.
• The 2 halves of the data pass through n rounds of processing and then combine to produce the ciphertext block.
• Each round i has as inputs $L_{i-1}$ and $R_{i-1}$, derived from the previous round, as well as a subkey $K_i$ derived from the overall K.
• The subkeys $K_i$ are different from K and from each other.
• All rounds have the same structure:
  • A substitution is performed on the left half of the data, by applying a round function F ($F(RE_i, K_{i+1})$) to the right half of the data and then taking the exclusive-OR of the output of that function and the left half of the data.
  • The round function has the same general structure for each round.
  • A permutation is performed that consists of the interchange of the two halves of the data.

Encryption process parameters and design features:
• Block size: Larger block sizes mean greater security (all other things being equal) but reduced encryption/decryption speed for a given algorithm. The greater security is achieved by greater diffusion. Traditionally, a block size of 64 bits has been considered a reasonable tradeoff and was nearly universal in block cipher design. However, the new AES uses a 128-bit block size.
• Key size: Larger key size means greater security but may decrease encryption/decryption speed. The greater security is achieved by greater resistance to brute-force attacks and greater confusion. Key sizes of 64 bits or less are now widely considered to be inadequate, and 128 bits has become a common size.
• Number of rounds: The essence of the Feistel cipher is that a single round offers inadequate security but that multiple rounds offer increasing security. A typical size is 16 rounds.
• Subkey generation algorithm: Greater complexity in this algorithm should lead to greater difficulty of cryptanalysis.
• Round function F: Again, greater complexity generally means greater resistance to cryptanalysis.

Encryption process
There are two other considerations in the design of a Feistel cipher:
• Fast software encryption/decryption:
• Ease of analysis: if the algorithm can be concisely and clearly explained, it is easier to analyze that algorithm for cryptanalytic vulnerabilities and therefore develop a higher level of assurance as to its strength.

Decryption Algorithm
• Input is the ciphertext and the subkeys $K_i$ (in reverse order).
• Use $K_n$ in the first round, $K_{n-1}$ in the second round, and so on, until $K_1$ is used in the last round.
• $LE_i$ and $RE_i$ are used for data traveling through the encryption algorithm, and $LD_i$ and $RD_i$ for data traveling through the decryption algorithm.

Feistel cipher structure
For the i-th iteration of the encryption algorithm:
$LE_i = RE_{i-1}$
$RE_i = LE_{i-1} \oplus F(RE_{i-1}, K_i)$
For the i-th iteration of the decryption algorithm:
$RE_{i-1} = LE_i$
$LE_{i-1} = RE_i \oplus F(RE_{i-1}, K_i)$
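The round equations above imply that decryption is the same network run with the subkeys in reverse order, even when F itself cannot be inverted. This Python sketch is an added example, not part of the original slides: the round function and subkey schedule are SHA-256 stand-ins chosen for illustration (they are not the DES functions), and all names are assumptions. It also counts how many ciphertext bits change when one plaintext bit is flipped, the diffusion property described earlier.

```python
import hashlib

W = 4          # half-block width in bytes (w = 32 bits, block = 2w = 64 bits)
ROUNDS = 16

def subkeys(key):
    """Derive K1..K16 from the key (illustrative schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:W] for i in range(1, ROUNDS + 1)]

def round_f(right, subkey):
    """Round function F: a truncated hash, deliberately not invertible."""
    return hashlib.sha256(subkey + right).digest()[:W]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, keys):
    """Run the Feistel rounds over one 2w-bit block with the given subkey order."""
    if len(block) != 2 * W:
        raise ValueError("block must be exactly 2w bits")
    left, right = block[:W], block[W:]
    for k in keys:
        # LE_i = RE_{i-1};  RE_i = LE_{i-1} XOR F(RE_{i-1}, K_i)
        left, right = right, xor(left, round_f(right, k))
    return right + left          # final interchange of the two halves

def feistel_encrypt(block, key):
    return feistel(block, subkeys(key))

def feistel_decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])    # same network, K_n first

def bit_difference(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    key, block = b"demo key", b"plaintxt"        # constructed sample values
    ct = feistel_encrypt(block, key)
    flipped = bytes([block[0] ^ 1]) + block[1:]  # change a single plaintext bit
    print(feistel_decrypt(ct, key) == block)
    print(bit_difference(ct, feistel_encrypt(flipped, key)), "of 64 bits changed")
```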

Data Encryption Standard (DES)
• Follows the Feistel structure
• Block size is 64 bits of plaintext
• Number of rounds is 16
• Key size is 56 bits
• Number of subkeys is 16
• Ciphertext is 64 bits
• There are two inputs to the encryption function: plaintext and key
• The processing of the plaintext proceeds in three phases (left-hand side):
  • Initial permutation (IP)
  • Sixteen rounds
  • Preoutput

Data Encryption Standard (DES)
• The right-hand portion shows the way in which the 56-bit key is used.
• Initially, the key is passed through a permutation function.
• Then, for each of the sixteen rounds, a subkey ($K_i$) is produced by the combination of a left circular shift and a permutation.
• The permutation function is the same for each round, but a different subkey is produced because of the repeated shifts of the key bits.

Avalanche Effect
• A desirable property of any encryption algorithm is that a small change in either the plaintext or the key should produce a significant change in the ciphertext.
• A change in one bit of the plaintext or one bit of the key should produce a change in many bits of the ciphertext.

The strength of DES
1) The Use of 56-Bit Keys

2) The Nature of the DES Algorithm
• Focus of concern has been on the eight substitution tables, or S-boxes, that are used in each iteration.
• These boxes were not made public.
• No one has so far succeeded in discovering the supposed fatal weaknesses in the S-boxes.
3) Timing Attacks