This document provides an introduction and overview of information system security. It covers topics such as security attacks, services, and mechanisms. The document is divided into multiple units that cover encryption techniques like the Data Encryption Standard (DES) and advanced topics such as public key cryptosystems, hash functions, and IP security. DES encryption is explained in detail, covering aspects like its history, design, encryption process, key generation, decryption, and strengths/limitations. Feistel ciphers and their design principles are also summarized.
2. INTRODUCTION TO THE SUBJECT
INFORMATION SYSTEM SECURITY
Information (data): Data can be defined as a representation of facts, concepts or instructions in a formalized manner which should be suitable for communication, interpretation, or processing by humans or electronic machines.
System: A set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem.
Security: In information technology, security is the protection of information assets through the use of technology, processes, and training.
3. INDEX
UNIT 1:- Introduction to security attacks
UNIT 2:- AES, RC6, random number generation
UNIT 3:- Public Key Cryptosystems
UNIT 4:- Message Authentication and Hash Function
UNIT 5:- Pretty Good Privacy, IP Security
4. UNIT 1-CONTENTS
1.1 Introduction to security attacks, services and mechanisms
1.1.1 Security Attacks
1.1.2 Passive and Active Attacks
1.1.3 Passive Attack
1.1.4 Active Attack
1.1.5 Security Services
1.1.6 Basic Vocabulary of Encryption and Decryption
1.2 Classical encryption techniques
1.2.1 Substitution Technique
1.2.2 Transposition Techniques
1.3 Cryptanalysis, stream and block ciphers
1.3.1 Stream and Block Ciphers
1.4 Modern Block Ciphers: Block ciphers principals
1.4.1 Block Cipher Principles
1.4.2 Ideal Block Cipher
1.5 Shannon’s theory of confusion and diffusion
5. 1.6 Feistel structure
1.6.1 Feistel Cipher Structure
1.6.2 Feistel Cipher
1.6.3 Design Features of Feistel Network
1.7 Data encryption standard(DES)
1.7.1 History
1.7.2 DES Design Controversy
1.7.3 DES Encryption
1.7.4 Initial Permutation IP
1.7.5 DES Round Structure
1.7.6 DES Round Structure
1.7.7 Substitution Boxes S
1.7.8 DES Key Schedule
1.7.9 DES Decryption
1.7.10 Avalanche Effect
1.7.11 Strength of DES – Key Size
1.7.12 Strength of DES – Timing Attacks
1.8 Differential and linear cryptanalysis of DES
1.8.1 Differential Cryptanalysis
1.8.2 Linear Cryptanalysis
6. 1.9 Block cipher modes of operations.
1.9.1 Quick History
1.9.2 Modes of Operation Taxonomy
1.9.3 Technical Notes
1.9.4 Electronic Codebook (ECB)
1.9.5 ECB Scheme
1.9.6 Cipher Block Chaining (CBC)
1.9.7 CBC Scheme
1.9.8 Cipher FeedBack (CFB)
1.9.9 CFB Scheme
1.9.10 CFB Encryption/Decryption
1.9.11 CFB as a Stream Cipher
1.9.12 Output FeedBack (OFB)
1.9.13 OFB Scheme
1.9.14 OFB as a Stream Cipher
1.9.15 Counter (CTR)
1.9.16 CTR Scheme
1.9.17 CTR as a Stream Cipher
1.10 Triple Data Encryption Standard (Triple-DES)
1.10.1 Triple DES Algorithm
7. 1.1 INTRODUCTION TO SECURITY ATTACKS, SERVICES AND MECHANISMS
Three aspects of Information Security:
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
9. SECURITY ATTACKS
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
10. Security Attacks
Interruption: An asset of the system is destroyed or becomes unavailable or unusable.
This is an attack on availability.
Examples:
Destroying some H/W (disk or wire)
Disabling file system.
Swamping a computer with jobs or
communication link with packets.
11. Security Attacks
Interception: An unauthorized party gains access to an asset.
This is an attack on confidentiality.
Example:-
Wiretapping to capture data in a network.
Illicitly copying data or programs.
12. Security Attacks
Modification: An unauthorized party gains access to and tampers with an asset.
This is an attack on integrity.
Examples:
Changing data files.
Altering a program.
Altering the contents of a message.
13. Security Attacks
Fabrication: An unauthorized party inserts a
counterfeit object into the system.
This is an attack on authenticity.
Examples:
Insertion of records in data files.
Insertion of spurious messages in a network.
(message replay)
15. 1.1.2 PASSIVE AND ACTIVE ATTACKS
Passive attacks
• No modification of content or fabrication
• Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)
Active attacks
• Modification of content and/or participation in communication to
  • Impersonate legitimate parties
  • Modify the content in transit
  • Launch denial of service attacks
20. 1.1.6 SECURITY SERVICES
A security service is a service provided by the
protocol layer of a communicating system (X.800)
5 Categories
Authentication
Access Control
Data confidentiality
Data Integrity
Nonrepudiation (and Availability)
21. 1.1.7 Basic Vocabulary of Encryption and Decryption
Plaintext: This is what you want to encrypt
Cipher text: The encrypted output
Enciphering or encryption: The process by which
plaintext is converted into cipher text
Encryption algorithm: The sequence of data processing
steps that go into transforming plaintext into cipher text.
Various parameters used by an encryption algorithm are
derived from a secret key.
Secret key: A secret key is used to set some or all of the
various parameters used by the encryption algorithm. The
important thing to note is that, in classical cryptography, the
same secret key is used for encryption and decryption.
22. Deciphering or decryption: Recovering plaintext from cipher text
Decryption algorithm: The sequence of data processing steps that go
into transforming cipher text back into plaintext. In classical
cryptography, the various parameters used by a decryption algorithm are
derived from the same secret key that was used in the encryption
algorithm.
Cryptography: The many schemes available today for encryption and
decryption
Cryptographic system: Any single scheme for encryption and
decryption.
Cipher: A cipher means the same thing as a “cryptographic system”
Block cipher: A block cipher processes a block of input data at a time
and produces a cipher text block of the same size.
Stream cipher: A stream cipher encrypts data on the fly, usually one
byte at time.
23. 1.2 Classical Encryption Techniques
CLASSIFICATION OF ENCRYPTION TECHNIQUES
Encryption techniques are broadly classified into
substitution techniques and transposition techniques.
Substitution - Substitution means replacing an
element of the plaintext with an element of cipher text.
Transposition - Transposition means rearranging
the order of appearance of the elements of the
plaintext.
24. 1.2.1 Substitution Technique
Substitution ciphers encrypt plaintext by
changing the plaintext one piece at a time.
The Caesar Cipher was an early substitution
cipher. In the Caesar Cipher, each character is
shifted three places up. Therefore, A becomes
D and B becomes E, etc…
25. This table shows “VOYAGER” being encrypted
with the Caesar substitution cipher:
26. Plaintext V O Y A G E R
Key +3 +3 +3 +3 +3 +3 +3
Ciphertext Y R B D J H U
A more complex substitution cipher would be created if,
instead of incrementing each character by three, we used
a more complex key. This table shows a simple
substitution cipher with a key of “123”.
27. Plaintext V O Y A G E R
Key +1 +2 +3 +1 +2 +3 +1
Ciphertext W Q B B I H S
28. 1.2.2 Transposition Techniques
All the techniques examined so far involve the
substitution of a ciphertext symbol for a plaintext
symbol. A very different kind of mapping is
achieved by performing some sort of permutation
on the plaintext letters. This technique is referred to
as a transposition cipher.
29. The simplest such cipher is the rail fence technique,
in which the plaintext is written down as a sequence
of diagonals and then read off as a sequence of
rows. For example, to encipher the message "meet
me after the toga party" with a rail fence of depth 2,
we write the following:
m e m a t r h t g p r y
 e t e f e t e o a a t
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
30. 1.3 Cryptanalysis, Stream and Block
Ciphers
Cryptanalysis :- Cryptanalysis is the study of
analyzing information systems in order to study the
hidden aspects of the systems. Cryptanalysis is used
to breach cryptographic security systems and gain
access to the contents of encrypted messages, even if
the cryptographic key is unknown.
31. 1.3.1 Stream and Block Ciphers
Idea of a block cipher: Partition the text into
relatively large (e.g. 128 bits) blocks and encode
each block separately. The encoding of each block
generally depends on at most one of the previous
blocks.
• the same “key” is used at each block.
Idea of a stream cipher: Partition the text into
small (e.g. 1 bit) blocks and let the encoding of
each block depend on many previous blocks.
• for each block, a different “key” is generated.
32. 1.4 Modern Block Ciphers
Now look at modern block ciphers
One of the most widely used types of
cryptographic algorithms
Provide secrecy /authentication services
Focus on DES (Data Encryption Standard)
To illustrate block cipher design principles
33. MODERN BLOCK CIPHERS
A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of
cipher text. The encryption or decryption algorithm
uses a k-bit key. The common values
for n are 64, 128, 256 and 512 bits.
34. 1.4.1 BLOCK CIPHER PRINCIPLES
Most symmetric block ciphers are based on a Feistel
cipher structure
Needed since we must be able to decrypt cipher text to
recover messages efficiently
Block ciphers look like an extremely large substitution
Would need a table of 2^64 entries for a 64-bit block
Instead create from smaller building blocks
Using the idea of a product cipher
36. 1.5 SHANNON’S THEORY OF CONFUSION
AND DIFFUSION
Claude Shannon suggested that to complicate
statistical attacks, the cryptographer could
dissipate the statistical structure of the plaintext
in the long range statistics of the ciphertext.
Shannon called this process diffusion.
37. Diffusion complicates the statistics of the cipher
text, and makes it difficult to discover the key of the
encryption process.
The process of confusion, makes the use of the
key so complex, that even when an attacker knows
the statistics, it is still difficult to deduce the key.
Confusion can be accomplished by using a
complex substitution algorithm.
Block ciphers, such as the Data Encryption
Standard, make use of substitution operations.
38. 1.6 FEISTEL STRUCTURE
Horst Feistel devised the Feistel cipher
based on the concept of an invertible product cipher
Partitions the input block into two halves
process through multiple rounds which
perform a substitution on the left data half
based on a round function of the right half & subkey
then have a permutation swapping the halves
Implements Shannon’s S-P net concept
40. 1.6.2 FEISTEL CIPHER
Feistel Cipher is not a specific scheme of block
cipher. It is a design model from which many
different block ciphers are derived. DES is just
one example of a Feistel Cipher. A cryptographic
system based on Feistel cipher structure uses the
same algorithm for both encryption and
decryption.
Encryption Process
The encryption process uses the Feistel structure
consisting of multiple rounds of processing of the
plaintext, each round consisting of a
“substitution” step followed by a permutation
step.
41. 1.6.3 DESIGN FEATURES OF FEISTEL
NETWORK
Block Size: (larger block means greater security) 64 bits.
Key Size: 56-128 bits.
Number of Rounds: a single round offers inadequate security, a typical
size is 16 rounds.
Sub-key Generation Algorithms: greater complexity should lead to a
greater difficulty of cryptanalysis.
Round function: Again, greater complexity generally means greater
resistance to cryptanalysis.
Fast Software Encryption/Decryption: the speed of execution of the
algorithm is important.
Ease of Analysis: to be able to develop a higher level of assurance as to
its strength.
Decryption: use the same algorithm with reversed keys.
43. 1.7.1 HISTORY
In 1971, IBM developed an algorithm, named
LUCIFER which operates on a block of 64
bits, using a 128-bit key
Walter Tuchman, an IBM researcher,
refined LUCIFER and reduced the key
size to 56-bit, to fit on a chip.
In 1977, the results of Tuchman’s project
at IBM were adopted as the Data
Encryption Standard by NSA (NIST).
44. 1.7.2 DES Design Controversy
Although the DES standard is public,
there was considerable controversy over its design
• in the choice of a 56-bit key (vs Lucifer's 128-bit)
• and because the design criteria were classified
Subsequent events and public analysis show that in
fact the design was appropriate
DES has become widely used, especially in
financial applications
46. 1.7.4 Initial Permutation IP
First step of the data computation
IP reorders the input data bits
Even bits to LH half, odd bits to RH half
Quite regular in structure (easy in h/w)
See text Table 3.2
Example:
IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
47. 1.7.5 DES Round Structure
Uses two 32-bit L & R halves
As for any Feistel cipher can describe as:
Li = Ri-1
Ri = Li-1 xor F(Ri-1, Ki)
Takes 32-bit R half and 48-bit subkey and:
• Expands R to 48 bits using permutation E
• Adds (XORs) the result to the subkey
• Passes through 8 S-boxes to get a 32-bit result
• Finally permutes this using 32-bit permutation P
49. 1.7.7 Substitution Boxes S
Have eight S-boxes which map 6 to 4 bits
Each S-box is actually 4 little 4-bit boxes
outer bits 1 & 6 (row bits) select one of the four rows
inner bits 2-5 (col bits) are substituted
result is 8 lots of 4 bits, or 32 bits
Row selection depends on both data & key
feature known as autoclaving (autokeying)
example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
50. 1.7.8 DES Key Schedule
Forms subkeys used in each round
Consists of:
- initial permutation of the key (PC1) which selects
56-bits in two 28-bit halves
- 16 stages consisting of:
•selecting 24-bits from each half
•permuting them by PC2 for use in function f,
•rotating each half separately either 1 or 2 places
depending on the key rotation schedule K
51. 1.7.9 DES Decryption
Decrypt must unwind steps of data computation
With Feistel design, do encryption steps again
Using subkeys in reverse order (SK16 … SK1)
Note that IP undoes final FP step of encryption
1st round with SK16 undoes 16th encrypt round
….
16th round with SK1 undoes 1st encrypt round
Then final FP undoes initial encryption IP
Thus recovering original data value
52. 1.7.10 Avalanche Effect
Key desirable property of an encryption algorithm
Where a change of one input or key bit results in
changing approx half the output bits
Making attempts to “home-in” by guessing keys
impossible
DES exhibits strong avalanche
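A generic Feistel network in Python, written here as an added example (not the slides' own code) to make the round equations of 1.7.5, the reversed-subkey decryption of 1.7.9 and the avalanche measurement of 1.7.10 concrete. `round_function` and `key_schedule` are constructed toys standing in for the DES f and key schedule; only the Feistel wiring itself is what DES uses.

```python
HALF_BITS = 32
HALF_MASK = (1 << HALF_BITS) - 1
KEY_BITS = 64

def round_function(right: int, subkey: int) -> int:
    """Constructed toy F(R, K): xor with the subkey, multiply by an odd constant, then
    rotate. It stands in for the DES f (E, S-boxes, P) and has no security value."""
    x = ((right ^ subkey) * 0x9E3779B1) & HALF_MASK
    return ((x << 7) | (x >> (HALF_BITS - 7))) & HALF_MASK

def key_schedule(key: int, rounds: int) -> list:
    """Constructed toy schedule: rotate the 64-bit key left by i+1 and keep the low 32 bits."""
    subkeys = []
    for i in range(rounds):
        rot = ((key << (i + 1)) | (key >> (KEY_BITS - i - 1))) & ((1 << KEY_BITS) - 1)
        subkeys.append(rot & HALF_MASK)
    return subkeys

def feistel(block: int, subkeys) -> int:
    """L_i = R_{i-1}; R_i = L_{i-1} xor F(R_{i-1}, K_i) for each subkey, then swap the
    halves back. Each round only xors F into one half, so running the same routine with
    the subkeys in reverse order undoes the rounds one by one (section 1.7.9)."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << HALF_BITS) | left          # final swap: output is (R_n, L_n)

def encrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, key_schedule(key, rounds))

def decrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, key_schedule(key, rounds)[::-1])   # SK_16 ... SK_1

def avalanche(block: int, key: int, bit: int, rounds: int = 16) -> int:
    """Number of ciphertext bits that change when plaintext bit `bit` is flipped (1.7.10).
    About half of 64 is the goal; try a few round counts to watch diffusion build up."""
    flipped = encrypt(block ^ (1 << bit), key, rounds)
    return bin(encrypt(block, key, rounds) ^ flipped).count("1")

if __name__ == "__main__":
    key, pt = 0x0123456789ABCDEF, 0x1122334455667788      # constructed sample values
    ct = encrypt(pt, key)
    print(f"ct={ct:016x} back={decrypt(ct, key) == pt} avalanche={avalanche(pt, key, 0)}")
```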
53. 1.7.11 Strength of DES – Key Size
56-bit keys have 2^56 = 7.2 x 10^16 values
Brute force search looks hard
Recent advances have shown it is possible
• In 1997 on the Internet in a few months
• In 1998 on dedicated h/w (EFF) in a few days
• In 1999 the above combined in 22 hrs!
Still must be able to recognize plaintext
Now considering alternatives to DES
54. 1.7.12 Strength of DES – Timing Attacks
Attacks the actual implementation of the cipher
Use knowledge of the consequences of the
implementation to derive knowledge of
some/all subkey bits
Specifically use the fact that calculations can
take varying times depending on the value of
the inputs to them
Particularly problematic on smartcards
55. 1.8 Differential and Linear Cryptanalysis
Differential Cryptanalysis
However, if one is fortunate enough to have a large
quantity of corresponding plaintext and ciphertext
blocks for a particular unknown key, a technique
called differential cryptanalysis.
Linear Cryptanalysis
Linear cryptanalysis, invented by Mitsuru Matsui, is a
different, but related technique. Instead of looking for
isolated points at which a block cipher behaves like
something simpler, it involves trying to create a simpler
approximation to the block cipher as a whole.
56. 1.8.1 Differential Cryptanalysi
A statistical attack against Feistel ciphers
Uses cipher structure not previously used
Design of S-P networks has output of function f
influenced by both input & key
Hence cannot trace values back through cipher
without knowing value of the key
Differential cryptanalysis compares two related
pairs of encryptions (differential)
57. Differential Cryptanalysis
Have some input difference giving some
output difference with probability p
If find instances of some higher probability
input / output difference pairs occurring
Can infer subkey that was used in round
Then must iterate process over many
rounds (with decreasing probabilities)
59. Differential Cryptanalysis
Perform attack by repeatedly encrypting plaintext pairs with
known input XOR until obtain desired output XOR
When found, assume intermediate deltas match
if intermediate rounds match required XOR have a right
pair
if not then have a wrong pair, relative ratio is S/N for attack
Can then deduce key values for the rounds
right pairs suggest same key bits
wrong pairs give random values
For large numbers of rounds, probability is so low that more
pairs are required than exist with 64-bit inputs
60. 1.8.2 Linear Cryptanalysis
Another fairly recent development
Also a statistical method
Must be iterated over rounds, with
decreasing probabilities
Developed by Matsui et al. in the early 90s
Based on finding linear approximations
Can attack DES with 2^43 known plaintexts,
easier but still in practice infeasible
61. Linear Cryptanalysis
Find linear approximations with probability p != 1/2
P[i1,i2,...,ia] xor C[j1,j2,...,jb] = K[k1,k2,...,kc]
where ia, jb, kc are bit locations in P, C, K
Gives a linear equation for key bits
Get one key bit using a max likelihood algorithm
Using a large number of trial encryptions
Effectiveness given by: |p – 1/2|
62. 1.9 Block cipher modes of operations
Modes of Operation
Block ciphers encrypt fixed-size blocks
eg. DES encrypts 64-bit blocks, with a 56-bit key
Need a way to use them in practice, given we usually have an arbitrary
amount of information to encrypt
Partition the message into separate blocks for ciphering
A mode of operation describes the process of
encrypting each of these blocks under a single key
Some modes may use an additional randomized input value
63. 1.9.1 Quick History
1981: Early modes of operation: ECB, CBC, CFB, OFB
(DES Modes of Operation)
2001: Revised and including CTR mode and AES
(Recommendation for Block Cipher Modes of Operation)
2010: New mode: XTS-AES
(Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for
Confidentiality on Storage Devices)
64. 1.9.2 Modes of Operation Taxonomy
Current well-known modes of operation
65. 1.9.3 Technical Notes
Initialization Vector (IV)
• a block of bits to randomize the encryption and hence to
produce distinct ciphertext
Nonce: Number (used) Once
• Random or pseudorandom number to ensure that past
communications cannot be reused in replay attacks
• Some also refer to the initialization vector as a nonce
Padding
• the final block may require padding to fit the block size
• Methods:
  • Add null bytes
  • Add 0x80 followed by as many 0x00 bytes as needed
  • Add n bytes, each with value n
66. 1.9.4 Electronic Codebook (ECB)
Message is broken into independent blocks
which are encrypted
Each block is a value which is substituted, like a
codebook, hence the name
Each block is encoded independently of the other
blocks
Ci = EK(Pi)
Uses: secure transmission of single values
68. 1.9.6 Cipher Block Chaining (CBC)
Solves the security deficiency of ECB:
repeated identical plaintext blocks result in
different ciphertext blocks
Each previous cipher block is chained in as
input with the current plaintext block, hence the
name
Use an Initial Vector (IV) to start the process
Ci = EK(Pi XOR Ci-1)
C0 = IV
70. 1.9.8 Cipher FeedBack (CFB)
Use an Initial Vector to start the process
Encrypt the previous ciphertext, then combine it with the plaintext
block using XOR to produce the current ciphertext
The cipher is fed back (hence the name) to concatenate with the rest
of the IV
Plaintext is treated as a stream of bits
• Any number of bits (1, 8 or 64 or whatever) can be fed back
(denoted CFB-1, CFB-8, CFB-64)
Relation between plaintext and ciphertext
Ci = Pi XOR SelectLeft(EK(ShiftLeft(Ci-1)))
C0 = IV
Uses: stream data encryption, authentication
73. 1.9.11 CFB as a Stream Cipher
In CFB mode, encipherment and decipherment use the encryption
function of the underlying block cipher.
74. 1.9.12 Output FeedBack (OFB)
Very similar to CFB
But the output of the encryption function is
fed back (hence the name), instead of the ciphertext
Feedback is independent of the message
Relation between plaintext and ciphertext
Ci = Pi XOR Oi
Oi = EK(Oi-1)
O0 = IV
Uses: stream encryption over noisy channels
76. 1.9.14 OFB as a Stream Cipher
In OFB mode, encipherment and decipherment use the
encryption function of the underlying block cipher.
77. 1.9.15 Counter (CTR)
Encrypts a counter value with the key rather than any
feedback value (no feedback)
The counter value for each plaintext block is different
can be any function which produces a sequence which is
guaranteed not to repeat for a long time
Relation
Ci = Pi XOR Oi
Oi = EK(i)
Uses: high-speed network encryption
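The five modes of section 1.9 written out over a block-cipher encryption function, as an added example that is not the slides' own code. `toy_encrypt` is a constructed keyed permutation standing in for DES E_K so the code runs without any library; the padding follows the "n bytes with value n" method of 1.9.3, CFB/OFB/CTR decrypt with the encryption function only (1.9.11, 1.9.14), and `repeated_blocks` exposes the ECB deficiency that CBC was designed to solve.

```python
import itertools

BLOCK = 8                               # 64-bit blocks, as in DES
MASK64 = (1 << 64) - 1
MUL = 0x9E3779B97F4A7C15                # odd constant: multiplication mod 2^64 is invertible
MUL_INV = pow(MUL, -1, 1 << 64)

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed toy E_K: a keyed permutation of one 64-bit block standing in for DES."""
    x = int.from_bytes(block, "big") ^ int.from_bytes(key, "big")
    return ((x * MUL) & MASK64).to_bytes(BLOCK, "big")

def toy_decrypt(key: bytes, block: bytes) -> bytes:  # D_K; only ECB and CBC need it
    y = (int.from_bytes(block, "big") * MUL_INV) & MASK64
    return (y ^ int.from_bytes(key, "big")).to_bytes(BLOCK, "big")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))        # truncates to the shorter input
def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(msg: bytes) -> bytes:                        # "add n bytes with value n" (1.9.3)
    n = BLOCK - len(msg) % BLOCK                     # a full block when msg already fits
    return msg + bytes([n]) * n

def unpad(msg: bytes) -> bytes:
    n = msg[-1] if msg else 0
    if not 1 <= n <= BLOCK or msg[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return msg[:-n]

def ecb_encrypt(key, pt):                            # C_i = E_K(P_i)
    return b"".join(toy_encrypt(key, p) for p in blocks(pad(pt)))
def ecb_decrypt(key, ct):
    return unpad(b"".join(toy_decrypt(key, c) for c in blocks(ct)))

def cbc_encrypt(key, iv, pt):                        # C_i = E_K(P_i xor C_{i-1}), C_0 = IV
    out, prev = [], iv
    for p in blocks(pad(pt)):
        prev = toy_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):                        # P_i = D_K(C_i) xor C_{i-1}
    cs = blocks(ct)
    return unpad(b"".join(xor(toy_decrypt(key, c), prev) for prev, c in zip([iv] + cs, cs)))

def cfb_encrypt(key, iv, pt):                        # CFB-64: C_i = P_i xor E_K(C_{i-1}); no padding
    out, prev = [], iv
    for p in blocks(pt):
        prev = xor(p, toy_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):                        # decryption also uses E_K, never D_K (1.9.11)
    cs = blocks(ct)
    return b"".join(xor(c, toy_encrypt(key, prev)) for prev, c in zip([iv] + cs, cs))

def ofb_stream(key, iv):                             # O_i = E_K(O_{i-1}), O_0 = IV
    o = iv
    while True:
        o = toy_encrypt(key, o)
        yield o

def ctr_stream(key, nonce):                          # O_i = E_K(nonce || i): never repeats
    for i in itertools.count():
        yield toy_encrypt(key, nonce[:4] + i.to_bytes(4, "big"))

def stream_xor(keystream, data):                     # C_i = P_i xor O_i; the same call decrypts
    return b"".join(xor(p, o) for p, o in zip(blocks(data), keystream))

def repeated_blocks(ct: bytes) -> int:
    """Duplicate ciphertext blocks: under ECB equal plaintext blocks stay visible (1.9.6)."""
    cs = blocks(ct)
    return len(cs) - len(set(cs))
```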
80. 1.10 Triple Data Encryption Standard
(Triple-DES)
Triple DES is based on the DES algorithm,
therefore it is very easy to modify existing
software to use Triple DES. It also has the
advantage of proven reliability and a longer
key length that eliminates many of the attacks
that can be used to reduce the amount of time
it takes to break DES. However, even this
more powerful version of DES may not be
strong enough to protect data for very much
longer. As such, the DES algorithm itself has
become obsolete and is no longer used.
81. 1.10.1 Triple DES Algorithm
Before using 3TDES, the user first generates and distributes a 3TDES key K,
which consists of three different DES keys K1, K2 and K3. This means
that the actual 3TDES key has length 3×56 = 168 bits. The encryption
scheme is illustrated as follows −
82. Triple DES Algorithm
The encryption-decryption process is as follows −
Encrypt the plaintext blocks using single DES with
key K1.
Now decrypt the output of step 1 using single
DES with key K2.
Finally, encrypt the output of step 2 using single
DES with key K3.
The output of step 3 is the ciphertext.
Decryption of a ciphertext is the reverse process.
The user first decrypts using K3, then encrypts with
K2, and finally decrypts with K1.
83. CONCLUSION
We start our description of security in distributed systems by
taking a look at some general security issues. First, it is
necessary to define what a secure system is. We distinguish
security policies from security mechanisms, and take a look
at the Globus wide-area system for which a security policy
has been explicitly formulated. Our second concern is to
consider some general design issues for secure systems.
Finally, we briefly discuss some cryptographic algorithms,
which play a key role in the design of security protocols.
Editor's notes
The basic process in enciphering a 64-bit data block using the DES, shown on the left side, consists of:
- an initial permutation (IP)
- 16 rounds of a complex key dependent round function involving substitution and permutation functions
- a final permutation, being the inverse of IP
The right side shows the handling of the 56-bit key and consists of:
- an initial permutation of the key (PC1) which selects 56-bits in two 28-bit halves
- 16 stages to generate the subkeys using a left circular shift and a permutation
A more recent development is linear cryptanalysis. This attack is based on finding linear approximations to describe the transformations performed in DES. This method can find a DES key given 2^43 known plaintexts, as compared to 2^47 chosen plaintexts for differential cryptanalysis. Although this is a minor improvement, because it may be easier to acquire known plaintext rather than chosen plaintext, it still leaves linear cryptanalysis infeasible as an attack on DES. Again, this attack uses structure not seen before. So far, little work has been done by other groups to validate the linear cryptanalytic approach
If the data is only available a bit/byte at a time (eg. terminal session, sensor value etc), then must use some other approach to encrypting it, so as not to delay the info. Idea here is to use the block cipher essentially as a pseudo-random number generator (see stream cipher lecture later) and to combine these "random" bits with the message. Note as mentioned before, XOR is an easily inverted operator (just XOR with same thing again to undo). Again start with an IV to get things going, then use the ciphertext as the next input. As originally defined, idea was to "consume" as much of the "random" output as needed for each message unit (bit/byte) before "bumping" bits out of the buffer and re-encrypting. This is wasteful though, and slows the encryption down as more encryptions are needed. An alternate way to think of it is to generate a block of "random" bits, consume them as message bits/bytes arrive, and when they're used up, only then feed a full block of ciphertext back. This is CFB-64 mode, the most efficient. This is the usual choice for quantities of stream oriented data, and for authentication use.