INFORMATION SYSTEM SECURITY
BY
SUDHANSHU VASHISTHA
ASST. PROF.CSE
INTRODUCTION TO THE SUBJECT
Information: Data can be defined as a representation of facts, concepts or instructions in a formalized manner which should be suitable for communication, interpretation, or processing by humans or electronic machines.
System: A set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem.
Security: In information technology, security is the protection of information assets through the use of technology, processes, and training.
INDEX
UNIT 1:- Introduction to security attacks
UNIT 2:- AES, RC6, random number generation
UNIT 3:- Public Key Cryptosystems
UNIT 4:- Message Authentication and Hash Function
UNIT 5:- Pretty Good Privacy, IP Security
UNIT 1-CONTENTS
1.1 Introduction to security attacks, services and mechanisms
1.1.1 Security Attacks
1.1.2 Passive and Active Attacks
1.1.3 Passive Attack
1.1.4 Active Attack
1.1.5 Security Services
1.1.6 Basic Vocabulary of Encryption and Decryption
1.2 Classical encryption techniques
1.2.1 Substitution Technique
1.2.2 Transposition Techniques
1.3 Cryptanalysis, stream and block ciphers
1.3.1 Stream and Block Ciphers
1.4 Modern Block Ciphers: Block ciphers principals
1.4.1 Block Cipher Principles
1.4.2 Ideal Block Cipher
1.5 Shannon’s theory of confusion and diffusion
1.6 Feistel structure
1.6.1 Feistel Cipher Structure
1.6.2 Feistel Cipher
1.6.3 Design Features of Feistel Network
1.7 Data encryption standard(DES)
1.7.1 History
1.7.2 DES Design Controversy
1.7.3 DES Encryption
1.7.4 Initial Permutation IP
1.7.5 DES Round Structure
1.7.6 DES Round Structure
1.7.7 Substitution Boxes S
1.7.8 DES Key Schedule
1.7.9 DES Decryption
1.7.11 Strength of DES – Key Size
1.7.12 Strength of DES – Timing Attacks
1.8 Differential and linear cryptanalysis of DES
1.8.1 Differential Cryptanalysis
1.8.2 Linear Cryptanalysis
1.9 Block cipher modes of operations.
1.9.1 Quick History
1.9.2 Modes of Operation Taxonomy
1.9.3 Technical Notes
1.9.4 Electronic Codebook (ECB)
1.9.5 ECB Scheme
1.9.6 Cipher Block Chaining (CBC)
1.9.7 CBC Scheme
1.9.8 Cipher FeedBack (CFB)
1.9.9 CFB Scheme
1.9.10 CFB Encryption/Decryption
1.9.11 CFB as a Stream Cipher
1.9.12 Output FeedBack (OFB)
1.9.13 OFB Scheme
1.9.14 OFB as a Stream Cipher
1.9.15 Counter (CTR)
1.9.16 CTR Scheme
1.9.17 CTR as a Stream Cipher
1.10 Triple Data Encryption Standard (Triple-DES)
1.10.1 Triple DES Algorithm
1.1 INTRODUCTION TO SECURITY ATTACKS, SERVICES AND MECHANISMS
Three aspects of Information Security:
 Security Attack: Any action that compromises the security of information.
 Security Mechanism: A mechanism that is designed to detect, prevent or recover from a security attack.
 Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
1.1.1 SECURITY ATTACKS
SECURITY ATTACKS
 Interruption: This is an attack on availability
 Interception: This is an attack on confidentiality
 Modification: This is an attack on integrity
 Fabrication: This is an attack on authenticity
Security Attacks
Interruption: An asset of the system is destroyed or becomes unavailable or unusable.
 This is an attack on availability.
Examples:
 Destroying some H/W (disk or wire)
 Disabling the file system
 Swamping a computer with jobs or a communication link with packets
Security Attacks
Interception: An unauthorized party gains access to an asset.
 This is an attack on confidentiality.
Examples:
 Wiretapping to capture data in a network
 Illicitly copying data or programs
Security Attacks
Modification: An unauthorized party gains access to and tampers with an asset.
 This is an attack on integrity.
Examples:
 Changing data files
 Altering a program
 Altering the contents of a message
Security Attacks
Fabrication: An unauthorized party inserts a counterfeit object into the system.
 This is an attack on authenticity.
Examples:
 Insertion of records in data files
 Insertion of spurious messages in a network (message replay)
SECURITY ATTACKS
1.1.2 PASSIVE AND ACTIVE ATTACKS
Passive attacks
• No modification of content or fabrication
• Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)
Active attacks
• Modification of content and/or participation in communication to
 • Impersonate legitimate parties
 • Modify the content in transit
 • Launch denial of service attacks
1.1.3 PASSIVE ATTACKS
PASSIVE ATTACKS
1.1.4 ACTIVE ATTACKS
ACTIVE ATTACKS
1.1.6 SECURITY SERVICES
 A security service is a service provided by the
protocol layer of a communicating system (X.800)
 5 Categories
 Authentication
 Access Control
 Data confidentiality
 Data Integrity
 Nonrepudiation (and Availability)
1.1.7 Basic Vocabulary of Encryption and
Decryption
 Plaintext: This is what you want to encrypt
 Cipher text: The encrypted output
 Enciphering or encryption: The process by which
plaintext is converted into cipher text
 Encryption algorithm: The sequence of data processing
steps that go into transforming plaintext into cipher text.
Various parameters used by an encryption algorithm are
derived from a secret key.
 Secret key: A secret key is used to set some or all of the
various parameters used by the encryption algorithm. The
important thing to note is that, in classical cryptography, the
same secret key is used for encryption and decryption.
 Deciphering or decryption: Recovering plaintext from cipher text
 Decryption algorithm: The sequence of data processing steps that go
into transforming cipher text back into plaintext. In classical
cryptography, the various parameters used by a decryption algorithm are
derived from the same secret key that was used in the encryption
algorithm.
 Cryptography: The many schemes available today for encryption and
decryption
 Cryptographic system: Any single scheme for encryption and
decryption.
 Cipher: A cipher means the same thing as a “cryptographic system”
 Block cipher: A block cipher processes a block of input data at a time
and produces a cipher text block of the same size.
 Stream cipher: A stream cipher encrypts data on the fly, usually one byte at a time.
1.2 Classical Encryption Techniques
CLASSIFICATION OF ENCRYPTION TECHNIQUES
Encryption techniques are broadly classified into substitution techniques and transposition techniques.
 Substitution - Substitution means replacing an
element of the plaintext with an element of cipher text.
 Transposition - Transposition means rearranging
the order of appearance of the elements of the
plaintext.
1.2.1 Substitution Technique
Substitution ciphers encrypt plaintext by
changing the plaintext one piece at a time.
The Caesar Cipher was an early substitution
cipher. In the Caesar Cipher, each character is
shifted three places up. Therefore, A becomes
D and B becomes E, etc…
This table shows “VOYAGER” being encrypted
with the Caesar substitution cipher:
Plaintext V O Y A G E R
Key +3 +3 +3 +3 +3 +3 +3
Ciphertext Y R B D J H U
A more complex substitution cipher would be created if,
instead of incrementing each character by three, we used
a more complex key. This table shows a simple
substitution cipher with a key of “123”.
Plaintext V O Y A G E R
Key +1 +2 +3 +1 +2 +3 +1
Ciphertext W Q B B I H S
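The two tables above, as an added example (this code is not from the slides): a shift cipher whose key is a string of digits that repeats along the plaintext, so key "3" is the Caesar cipher and key "123" is the second table. Decryption uses the same secret key with the shifts negated, which is the classical symmetric setting the vocabulary section describes.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25; letter arithmetic is modulo 26


def _shift(text, shifts):
    """Shift each letter by the next value in `shifts`, cycling through the list.
    Non-letters pass through unchanged and do not consume a key position."""
    out, pos = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        idx = (ALPHABET.index(ch) + shifts[pos % len(shifts)]) % 26  # Y + 3 wraps to B
        out.append(ALPHABET[idx])
        pos += 1
    return "".join(out)


def shift_encrypt(plaintext, key):
    """key="3" is the Caesar cipher (+3 everywhere); key="123" is the slide's second table.
    Note that with "123" the plaintext letters Y and A both become B: the same ciphertext
    letter no longer always comes from the same plaintext letter."""
    return _shift(plaintext, [int(d) for d in key])


def shift_decrypt(ciphertext, key):
    """Same secret key, shifts negated: classical (symmetric) decryption."""
    return _shift(ciphertext, [-int(d) for d in key])
```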
1.2.2 Transposition Techniques
All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.
The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message "meet me after the toga party" with a rail fence of depth 2, we write the following:
m e m a t r h t g p r y
 e t e f e t e o a a t
The encrypted message is
MEMATRHTGPRYETEFETEOAAT
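The rail fence cipher as an added example (not code from the slides), generalised from the depth-2 case above to any depth: letters are written along a zig-zag over `depth` rails and read off rail by rail. The decryption routine reconstructs the rails from the ciphertext length alone, which shows why a transposition only hides letter order, never the letters themselves.

```python
def rail_index(i, depth):
    """Rail on which the i-th letter lands when writing along the zig-zag:
    down rails 0..depth-1, then back up to 1, repeating with period 2*(depth-1)."""
    if depth == 1:
        return 0
    period = 2 * (depth - 1)
    pos = i % period
    return pos if pos < depth else period - pos


def rail_fence_encrypt(plaintext, depth):
    """Write the letters as diagonals across `depth` rails, then read the rails row by row.
    Spaces are dropped and letters upper-cased, as in the slide's example."""
    letters = [c.upper() for c in plaintext if c.isalpha()]
    rails = [[] for _ in range(depth)]
    for i, ch in enumerate(letters):
        rails[rail_index(i, depth)].append(ch)
    return "".join("".join(rail) for rail in rails)


def rail_fence_decrypt(ciphertext, depth):
    """Rebuild the rails from the row-by-row ciphertext, then walk the zig-zag again."""
    n = len(ciphertext)
    pattern = [rail_index(i, depth) for i in range(n)]   # rail of each plaintext position
    rails, start = [], 0
    for r in range(depth):
        count = pattern.count(r)                          # how many letters rail r holds
        rails.append(list(ciphertext[start:start + count]))
        start += count
    return "".join(rails[r].pop(0) for r in pattern)
```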
1.3 Cryptanalysis, Stream and Block
Ciphers
Cryptanalysis :- Cryptanalysis is the study of
analyzing information systems in order to study the
hidden aspects of the systems. Cryptanalysis is used
to breach cryptographic security systems and gain
access to the contents of encrypted messages, even if
the cryptographic key is unknown.
1.3.1 Stream and Block Ciphers
Idea of a block cipher: Partition the text into relatively large (e.g. 128 bits) blocks and encode each block separately. The encoding of each block generally depends on at most one of the previous blocks.
• the same “key” is used at each block.
Idea of a stream cipher: Partition the text into small (e.g. 1 bit) blocks and let the encoding of each block depend on many previous blocks.
• for each block, a different “key” is generated.
1.4 Modern Block Ciphers
Now look at modern block ciphers
 One of the most widely used types of cryptographic algorithms
 Provide secrecy / authentication services
 Focus on DES (Data Encryption Standard) to illustrate block cipher design principles
MODERN BLOCK CIPHERS
A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of ciphertext. The encryption or decryption algorithm uses a k-bit key. Common values for n are 64, 128, 256 and 512 bits.
1.4.1 BLOCK CIPHER PRINCIPLES
 Most symmetric block ciphers are based on a Feistel Cipher Structure
 Needed since we must be able to decrypt ciphertext to recover messages efficiently
 Block ciphers look like an extremely large substitution
 Would need a table of 2^64 entries for a 64-bit block
 Instead create it from smaller building blocks
 Using the idea of a product cipher
1.4.2 IDEAL BLOCK CIPHER
1.5 SHANNON’S THEORY OF CONFUSION
AND DIFFUSION
 Claude Shannon suggested that to complicate
statistical attacks, the cryptographer could
dissipate the statistical structure of the plaintext
in the long range statistics of the ciphertext.
 Shannon called this process diffusion.
 Diffusion complicates the statistics of the cipher
text, and makes it difficult to discover the key of the
encryption process.
 The process of confusion makes the use of the key so complex that even when an attacker knows the statistics, it is still difficult to deduce the key.
 Confusion can be accomplished by using a complex substitution algorithm.
 Block ciphers, such as the Data Encryption Standard, make use of substitution operations.
1.6 FEISTEL STRUCTURE
 Horst Feistel devised the Feistel cipher
 based on the concept of an invertible product cipher
 Partitions the input block into two halves
 processed through multiple rounds which
  perform a substitution on the left data half
  based on a round function of the right half & subkey
  then have a permutation swapping the halves
 Implements Shannon’s S-P net concept
1.6.1 FEISTEL CIPHER STRUCTURE
1.6.2 FEISTEL CIPHER
Feistel Cipher is not a specific scheme of block
cipher. It is a design model from which many
different block ciphers are derived. DES is just
one example of a Feistel Cipher. A cryptographic
system based on Feistel cipher structure uses the
same algorithm for both encryption and
decryption.
Encryption Process
The encryption process uses the Feistel structure consisting of multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step.
1.6.3 DESIGN FEATURES OF FEISTEL
NETWORK
 Block Size: (a larger block means greater security) 64 bits.
 Key Size: 56-128 bits.
 Number of Rounds: a single round offers inadequate security; a typical size is 16 rounds.
 Sub-key Generation Algorithms: greater complexity should lead to greater difficulty of cryptanalysis.
 Round function: Again, greater complexity generally means greater resistance to cryptanalysis.
 Fast Software Encryption/Decryption: the speed of execution of the algorithm is important.
 Ease of Analysis: to be able to develop a higher level of assurance as to its strength.
 Decryption: use the same algorithm with reversed keys.
1.7 DATA ENCRYPTION
STANDARD(DES)
Outline
 History
 Encryption
 Key Generation
 Decryption
 Strength of DES
 Ultimate
1.7.1 HISTORY
In 1971, IBM developed an algorithm, named LUCIFER, which operates on a block of 64 bits, using a 128-bit key.
Walter Tuchman, an IBM researcher, refined LUCIFER and reduced the key size to 56 bits, to fit on a chip.
In 1977, the result of Tuchman’s project at IBM was adopted as the Data Encryption Standard by NSA (NIST).
1.7.2 DES Design Controversy
 Although DES standard is public
 Was considerable controversy over design
• in choice of 56-bit key (vs Lucifer 128-bit)
• and because design criteria were classified
 Subsequent events and public analysis show in
fact design was appropriate
 DES has become widely used, especially in
financial applications
1.7.3 DES Encryption
1.7.4 Initial Permutation IP
 First step of the data computation
 IP reorders the input data bits
 Even bits to LH half, odd bits to RH half
 Quite regular in structure (easy in h/w)
 See text Table 3.2
 Example:
IP(675a6967 5e5a6b5a) = (ffb2194d
004df6fb)
1.7.5 DES Round Structure
 Uses two 32-bit L & R halves
 As for any Feistel cipher can describe as:
L_i = R_(i-1)
R_i = L_(i-1) xor F(R_(i-1), K_i)
 Takes the 32-bit R half and 48-bit subkey and:
• Expands R to 48 bits using permutation E
• Adds to subkey
• Passes through 8 S-boxes to get a 32-bit result
• Finally permutes this using 32-bit permutation P
1.7.6 DES Round Structure
1.7.7 Substitution Boxes S
 Have eight S-boxes which map 6 to 4 bits
 Each S-box is actually 4 little 4-bit boxes
outer bits 1 & 6 (row bits) select one of the four rows
inner bits 2-5 (column bits) are substituted
result is 8 lots of 4 bits, or 32 bits
 Row selection depends on both data & key
feature known as autoclaving (autokeying)
example:
S(18 09 12 3d 11 17 38 39) = 5fd25e03
1.7.8 DES Key Schedule
Forms subkeys used in each round
Consists of:
- initial permutation of the key (PC1) which selects
56-bits in two 28-bit halves
- 16 stages consisting of:
•selecting 24-bits from each half
•permuting them by PC2 for use in function f,
•rotating each half separately either 1 or 2 places
depending on the key rotation schedule K
1.7.9 DES Decryption
 Decrypt must unwind steps of data computation
 With Feistel design, do encryption steps again
 Using subkeys in reverse order (SK16 … SK1)
 Note that IP undoes final FP step of encryption
 1st round with SK16 undoes 16th encrypt round
 ….
 16th round with SK1 undoes 1st encrypt round
 Then final FP undoes initial encryption IP
 Thus recovering original data value
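The Feistel network of 1.6 and the unwinding argument of 1.7.9 as an added example (not code from the slides): one routine applies the round equations L_i = R_(i-1), R_i = L_(i-1) xor F(R_(i-1), K_i) and the final swap, and the same routine decrypts when given the sub-keys in reverse order (K_16 ... K_1). The round function and key schedule are hypothetical stand-ins built from SHA-256, not DES's E/S-box/P and PC1/PC2 components; the avalanche helper counts changed output bits for a one-bit input change, the property 1.7.10 describes.

```python
import hashlib

ROUNDS = 16   # DES uses 16 rounds
HALF = 4      # 32-bit halves -> 64-bit block, as in DES


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(right, subkey):
    """Stand-in for DES's f (expansion E, S-boxes, permutation P). Any keyed 32-bit
    function will do, even a non-invertible one, because the Feistel structure never
    needs to invert f. Hypothetical choice: truncated SHA-256 of subkey || right half."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def key_schedule(key, rounds=ROUNDS):
    """Hypothetical sub-key derivation (DES instead uses PC1, rotations and PC2):
    sub-keys K_1 ... K_16 of 48 bits each."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(1, rounds + 1)]


def feistel(block, subkeys):
    """Run the network once with the given sub-key order.
    Per round:  L_i = R_(i-1),   R_i = L_(i-1) xor F(R_(i-1), K_i)
    The halves are swapped back after the last round, so this very routine decrypts
    when handed the sub-keys in reverse order: each round cancels the matching one."""
    assert len(block) == 2 * HALF, "64-bit block expected"
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, xor(left, round_function(right, k))
    return right + left          # final swap, as in DES before the FP step


def encrypt(block, key):
    return feistel(block, key_schedule(key))


def decrypt(block, key):
    return feistel(block, key_schedule(key)[::-1])   # same algorithm, SK16 ... SK1


def hamming_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(block, key, bit):
    """Flip one plaintext bit and count how many of the 64 ciphertext bits change.
    A good design (DES included) changes roughly half of them."""
    flipped = bytearray(block)
    flipped[bit // 8] ^= 1 << (bit % 8)
    return hamming_distance(encrypt(block, key), encrypt(bytes(flipped), key))


# Constructed sample values (not from the slides).
KEY = b"toy-key-56bits"
PLAINTEXT = b"8bytemsg"
```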
1.7.10 Avalanche Effect
 Key desirable property of encryption algorithm
 Where a change of one input or key bit results in
changing approx half output bits
 Making attempts to “home-in” by guessing keys
impossible
 DES exhibits strong avalanche
1.7.11 Strength of DES – Key Size
 56-bit keys have 2^56 = 7.2 x 10^16 values
 Brute force search looks hard
 Recent advances have shown it is possible
• In 1997 on the Internet in a few months
• In 1998 on dedicated h/w (EFF) in a few days
• In 1999 the above combined in 22 hrs!
 Still must be able to recognize plaintext
 Now considering alternatives to DES
1.7.12 Strength of DES – Timing Attacks
 Attacks actual implementation of cipher
 Use knowledge of consequences of
implementation to derive knowledge of
some/all subkey bits
 Specifically use fact that calculations can
take varying times depending on the value of
the inputs to it
 Particularly problematic on smartcards
1.8 Differential and Linear Cryptanalysis
However, if one is fortunate enough to have a large quantity of corresponding plaintext and ciphertext blocks for a particular unknown key, a technique called differential cryptanalysis can be applied.
Linear cryptanalysis, invented by Mitsuru Matsui, is a different but related technique. Instead of looking for isolated points at which a block cipher behaves like something simpler, it involves trying to create a simpler approximation to the block cipher as a whole.
1.8.1 Differential Cryptanalysi
 A statistical attack against Feistel ciphers
 Uses cipher structure not previously used
 Design of S-P networks has output of function f
influenced by both input & key
 Hence cannot trace values back through cipher
without knowing value of the key
 Differential cryptanalysis compares two related
pairs of encryptions (differential)
Differential Cryptanalysis
 Have some input difference giving some
output difference with probability p
 If find instances of some higher probability
input / output difference pairs occurring
 Can infer subkey that was used in round
 Then must iterate process over many
rounds (with decreasing probabilities)
Differential Cryptanalysis
Figure: differential characteristic through rounds i and i+1. Overall probability of the given output difference is (0.25)(1.0)(0.25) = 0.0625.
Differential Cryptanalysis
 Perform attack by repeatedly encrypting plaintext pairs with
known input XOR until obtain desired output XOR
 When found, assume intermediate deltas match
 if intermediate rounds match required XOR have a right
pair
 if not then have a wrong pair, relative ratio is S/N for attack
 Can then deduce keys values for the rounds
 right pairs suggest same key bits
 wrong pairs give random values
 For large numbers of rounds, probability is so low that more
pairs are required than exist with 64-bit inputs
1.8.2 Linear Cryptanalysis
 Another fairly recent development
 Also a statistical method
 Must be iterated over rounds, with
decreasing probabilities
 Developed by Matsui et al in early 90's
 Based on finding linear approximations
 Can attack DES with 2^43 known plaintexts; easier, but still infeasible in practice
Linear Cryptanalysis
 Find linear approximations with probability p != 1/2
P[i1,i2,...,ia] xor C[j1,j2,...,jb] = K[k1,k2,...,kc]
where ia, jb, kc are bit locations in P, C, K
 Gives a linear equation for key bits
 Get one key bit using a max likelihood algorithm
 Using a large number of trial encryptions
 Effectiveness given by: |p – 1/2|
1.9 Block cipher modes of operations
Modes of Operation
Block ciphers encrypt fixed size blocks
eg. DES encrypts 64-bit blocks with a 56-bit key
Need a way to use them in practice, given we usually have an arbitrary amount of information to encrypt
Partition the message into separate blocks for ciphering
A mode of operation describes the process of encrypting each of these blocks under a single key
Some modes may use an additional randomized input value
1.9.1 Quick History
1981: Early modes of operation: ECB, CBC, CFB, OFB (DES Modes of Operation)
2001: Revised and including CTR mode and AES (Recommendation for Block Cipher Modes of Operation)
2010: New mode: XTS-AES (Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices)
1.9.2 Modes of Operation Taxonomy
Current well-known modes of operation
1.9.3 Technical Notes
Initialization Vector (IV)
•a block of bits to randomize the encryption and hence to produce distinct ciphertext
Nonce: Number (used) Once
•Random or pseudorandom number to ensure that past communications cannot be reused in replay attacks
•Some also refer to the initialization vector as a nonce
Padding
•the final block may require padding to fit the block size
•Methods
•Add null bytes
•Add 0x80 and then 0x00 bytes
•Add n bytes with value n
1.9.4 Electronic Codebook (ECB)
Message is broken into independent blocks
which are encrypted
Each block is a value which is substituted, like a
codebook, hence name
Each block is encoded independently of the other
blocks
Ci = EK (Pi)
Uses: secure transmission of single values
1.9.5 ECB Scheme
1.9.6 Cipher Block Chaining (CBC)
Solves the security deficiencies of ECB
Repeated plaintext blocks result in different ciphertext blocks
Each previous cipher block is chained to be input with the current plaintext block, hence the name
Uses an Initial Vector (IV) to start the process
Ci = EK (Pi XOR Ci-1)
C0 = IV
1.9.7 CBC Scheme
1.9.8 Cipher FeedBack (CFB)
Uses an Initial Vector to start the process
Encrypts the previous ciphertext, then combines it with the plaintext block using XOR to produce the current ciphertext
The cipher is fed back (hence the name) to concatenate with the rest of the IV
Plaintext is treated as a stream of bits
•Any number of bits (1, 8 or 64 or whatever) can be fed back (denoted CFB-1, CFB-8, CFB-64)
Relation between plaintext and ciphertext
Ci = Pi XOR SelectLeft(EK (ShiftLeft(Ci-1)))
C0 = IV
Uses: stream data encryption, authentication
1.9.9 CFB Scheme
1.9.10 CFB Encryption/Decryption
1.9.11 CFB as a Stream Cipher
In CFB mode, encipherment and decipherment use the encryption
function of the underlying block cipher.
1.9.12 Output FeedBack (OFB)
 Very similar to CFB
 But the output of the encryption function is fed back (hence the name), instead of the ciphertext
 Feedback is independent of the message
 Relation between plaintext and ciphertext
Ci = Pi XOR Oi
Oi = EK (Oi-1)
O0 = IV
 Uses: stream encryption over noisy channels
1.9.13 OFB Scheme
1.9.14 OFB as a Stream Cipher
In OFB mode, encipherment and decipherment use the
encryption function of the underlying block cipher.
1.9.15 Counter (CTR)
Encrypts counter value with the key rather than any
feedback value (no feedback)
Counter for each plaintext will be different
 can be any function which produces a sequence which is
guaranteed not to repeat for a long time
Relation
Ci = Pi XOR Oi
Oi = EK (i)
Uses: high-speed network encryptions
1.9.16 CTR Scheme
1.9.17 CTR as a Stream Cipher
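The five modes of 1.9 as an added example (not code from the slides), written directly from the relations given above. The block cipher is a constructed, deliberately weak 64-bit stand-in for DES (invertible so ECB and CBC can decrypt); the padding is the "add n bytes with value n" method from 1.9.3, and `duplicate_blocks` makes the ECB pattern leak that CBC removes visible on a message with repeated blocks. CFB is shown at full block width (CFB-64) and CTR uses a nonce plus block index as its counter; both are assumptions, not the slides' exact parameters.

```python
BLOCK = 8                      # 64-bit blocks, like DES
MASK = (1 << 64) - 1

def toy_encrypt_block(key, x):
    """Constructed stand-in for DES (NOT a secure cipher): xor with k1, then multiply by the
    odd constant k2 modulo 2^64. A bijection on 64-bit values is all the modes need of E_K."""
    k1, k2 = key
    return ((x ^ k1) * k2) & MASK

def toy_decrypt_block(key, y):
    k1, k2 = key
    return ((y * pow(k2, -1, 1 << 64)) & MASK) ^ k1   # multiply by the inverse of k2

def to_blocks(data):
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]

def from_blocks(ints):
    return b"".join(v.to_bytes(BLOCK, "big") for v in ints)

def pad(data):
    """The slide's 'add n bytes with value n' method; always appends 1..8 bytes."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def ecb_encrypt(key, pt):      # C_i = E_K(P_i): equal plaintext blocks give equal ciphertext
    return from_blocks(toy_encrypt_block(key, p) for p in to_blocks(pad(pt)))

def ecb_decrypt(key, ct):
    return unpad(from_blocks(toy_decrypt_block(key, c) for c in to_blocks(ct)))

def cbc_encrypt(key, iv, pt):  # C_i = E_K(P_i xor C_(i-1)), C_0 = IV
    out, prev = [], iv
    for p in to_blocks(pad(pt)):
        prev = toy_encrypt_block(key, p ^ prev)
        out.append(prev)
    return from_blocks(out)

def cbc_decrypt(key, iv, ct):  # P_i = D_K(C_i) xor C_(i-1)
    out, prev = [], iv
    for c in to_blocks(ct):
        out.append(toy_decrypt_block(key, c) ^ prev)
        prev = c
    return unpad(from_blocks(out))

def _xor_bytes(chunk, block_int):
    ks = block_int.to_bytes(BLOCK, "big")[:len(chunk)]   # truncated for a short last chunk
    return bytes(a ^ b for a, b in zip(chunk, ks))

def cfb_crypt(key, iv, data, decrypt=False):
    """Full-block CFB-64: C_i = P_i xor E_K(C_(i-1)), C_0 = IV. Both directions call only E_K;
    the feedback register always holds the previous ciphertext block."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = _xor_bytes(chunk, toy_encrypt_block(key, prev))
        out += res
        cipher_chunk = chunk if decrypt else res
        prev = int.from_bytes(cipher_chunk.ljust(BLOCK, b"\0"), "big")
    return bytes(out)

def ofb_crypt(key, iv, data):
    """O_i = E_K(O_(i-1)), O_0 = IV; C_i = P_i xor O_i. The key stream does not depend on the
    message and encryption equals decryption, so one function serves both."""
    out, o = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        o = toy_encrypt_block(key, o)
        out += _xor_bytes(data[i:i + BLOCK], o)
    return bytes(out)

def ctr_crypt(key, nonce, data):
    """O_i = E_K(nonce + i), no feedback; C_i = P_i xor O_i. Block i needs nothing from
    block i-1, so blocks can be processed in parallel."""
    out = bytearray()
    for i, start in enumerate(range(0, len(data), BLOCK)):
        out += _xor_bytes(data[start:start + BLOCK], toy_encrypt_block(key, (nonce + i) & MASK))
    return bytes(out)

def duplicate_blocks(ct):
    """Ciphertext blocks that repeat an earlier one: the pattern leak ECB has and CBC removes."""
    bs = to_blocks(ct)
    return len(bs) - len(set(bs))

# Constructed sample values (not from the slides); k2 must be odd to be invertible mod 2^64.
KEY = (0x0123456789ABCDEF, 0x2545F4914F6CDD1D)
IV = 0x5EED5EED5EED5EED
MESSAGE = b"ATTACK AT DAWN! " * 3 + b"ok"   # deliberately repeating plaintext blocks
```

The stream-style modes (CFB, OFB, CTR) never call `toy_decrypt_block`, which is the point made in 1.9.11 and 1.9.14, and they leave the ciphertext the same length as the message because no padding is needed.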
1.10 Triple Data Encryption Standard
(Triple-DES)
Triple DES is based on the DES algorithm,
therefore it is very easy to modify existing
software to use Triple DES. It also has the
advantage of proven reliability and a longer
key length that eliminates many of the attacks
that can be used to reduce the amount of time
it takes to break DES. However, even this
more powerful version of DES may not be
strong enough to protect data for very much
longer. As such, the DES algorithm itself has
become obsolete and is no longer used.
1.10.1 Triple DES Algorithm
Before using 3TDES, the user first generates and distributes a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows:
Triple DES Algorithm
The encryption-decryption process is as follows:
Encrypt the plaintext blocks using single DES with key K1.
Now decrypt the output of step 1 using single DES with key K2.
Finally, encrypt the output of step 2 using single DES with key K3.
The output of step 3 is the ciphertext.
Decryption of a ciphertext is the reverse process. The user first decrypts using K3, then encrypts with K2, and finally decrypts with K1.
CONCLUSION
We start our description of security in distributed systems by taking a look at some general security issues. First, it is necessary to define what a secure system is. We distinguish security policies from security mechanisms, and take a look at the Globus wide-area system for which a security policy has been explicitly formulated. Our second concern is to consider some general design issues for secure systems. Finally, we briefly discuss some cryptographic algorithms, which play a key role in the design of security protocols.

 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx959SahilShah
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 

Dernier (20)

8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Application of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptxApplication of Residue Theorem to evaluate real integrations.pptx
Application of Residue Theorem to evaluate real integrations.pptx
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 

Information System Security.pptx

  • 1. INFORMATION SYSTEM SECURITY BY SUDHANSHU VASHISTHA ASST. PROF.CSE
  • 2. INTRODUCTION OF SUBJECT: INFORMATION SYSTEM SECURITY. Information: data can be defined as a representation of facts, concepts or instructions in a formalized manner which should be suitable for communication, interpretation, or processing by humans or electronic machines. System: a set of detailed methods, procedures and routines created to carry out a specific activity, perform a duty, or solve a problem. Security: in information technology, security is the protection of information assets through the use of technology, processes, and training.
  • 3. INDEX UNIT 1:- Introduction to security attacks UNIT 2:- AES, RC6, random number generation UNIT 3:- Public Key Cryptosystems UNIT 4:- Message Authentication and Hash Function UNIT 5:- Pretty Good Privacy, IP Security
  • 4. UNIT 1-CONTENTS 1.1 Introduction to security attacks, services and mechanisms 1.1.1 Security Attacks 1.1.2 Passive and Active Attacks 1.1.3 Passive Attack 1.1.4 Active Attack 1.1.5 Security Services 1.1.6 Basic Vocabulary of Encryption and Decryption 1.2 Classical encryption techniques 1.2.1 Substitution Technique 1.2.2 Transposition Techniques 1.3 Cryptanalysis, stream and block ciphers 1.3.1 Stream and Block Ciphers 1.4 Modern Block Ciphers: Block cipher principles 1.4.1 Block Cipher Principles 1.4.2 Ideal Block Cipher 1.5 Shannon’s theory of confusion and diffusion
  • 5. 1.6 Feistel structure 1.6.1 Feistel Cipher Structure 1.6.2 Feistel Cipher 1.6.3 Design Features of Feistel Network 1.7 Data Encryption Standard (DES) 1.7.1 History 1.7.2 DES Design Controversy 1.7.3 DES Encryption 1.7.4 Initial Permutation IP 1.7.5 DES Round Structure 1.7.6 DES Round Structure 1.7.7 Substitution Boxes S 1.7.8 DES Key Schedule 1.7.9 DES Decryption 1.7.10 Avalanche Effect 1.7.11 Strength of DES – Key Size 1.7.12 Strength of DES – Timing Attacks 1.8 Differential and linear cryptanalysis of DES 1.8.1 Differential Cryptanalysis 1.8.2 Linear Cryptanalysis
  • 6. 1.9 Block cipher modes of operation 1.9.1 Quick History 1.9.2 Modes of Operation Taxonomy 1.9.3 Technical Notes 1.9.4 Electronic Codebook (ECB) 1.9.5 ECB Scheme 1.9.6 Cipher Block Chaining (CBC) 1.9.7 CBC Scheme 1.9.8 Cipher FeedBack (CFB) 1.9.9 CFB Scheme 1.9.10 CFB Encryption/Decryption 1.9.11 CFB as a Stream Cipher 1.9.12 Output FeedBack (OFB) 1.9.13 OFB Scheme 1.9.14 OFB as a Stream Cipher 1.9.15 Counter (CTR) 1.9.16 CTR Scheme 1.9.17 OFB as a Stream Cipher 1.10 Triple Data Encryption Standard (Triple-DES) 1.10.1 Triple DES Algorithm
  • 7. 1.1 INTRODUCTION TO SECURITY ATTACKS, SERVICES AND MECHANISMS Three aspects of information security: Security attack: any action that compromises the security of information. Security mechanism: a mechanism that is designed to detect, prevent or recover from a security attack. Security service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
  • 9. SECURITY ATTACKS • Interruption: This is an attack on availability • Interception: This is an attack on confidentiality • Modification: This is an attack on integrity • Fabrication: This is an attack on authenticity
  • 10. Security Attacks Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples: • destroying some hardware (disk or wire) • disabling the file system • swamping a computer with jobs or a communication link with packets.
  • 11. Security Attacks Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. Examples: • wiretapping to capture data in a network • illicitly copying data or programs.
  • 12. Security Attacks Modification: An unauthorized party gains access to and tampers with an asset. This is an attack on integrity. Examples: • changing data files • altering a program • altering the contents of a message.
  • 13. Security Attacks Fabrication: An unauthorized party inserts a counterfeit object into the system. This is an attack on authenticity. Examples: Insertion of records in data files. Insertion of spurious messages in a network. (message replay)
  • 15. 1.1.2 PASSIVE AND ACTIVE ATTACKS
    Passive attacks: • No modification of content or fabrication • Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)
    Active attacks: • Modification of content and/or participation in communication to • impersonate legitimate parties • modify the content in transit • launch denial of service attacks
  • 20. 1.1.6 SECURITY SERVICES • A security service is a service provided by the protocol layer of a communicating system (X.800) • 5 categories: • Authentication • Access Control • Data Confidentiality • Data Integrity • Nonrepudiation (and Availability)
  • 21. 1.1.7 Basic Vocabulary of Encryption and Decryption • Plaintext: This is what you want to encrypt • Cipher text: The encrypted output • Enciphering or encryption: The process by which plaintext is converted into cipher text • Encryption algorithm: The sequence of data processing steps that go into transforming plaintext into cipher text. Various parameters used by an encryption algorithm are derived from a secret key. • Secret key: A secret key is used to set some or all of the various parameters used by the encryption algorithm. The important thing to note is that, in classical cryptography, the same secret key is used for encryption and decryption.
  • 22. • Deciphering or decryption: Recovering plaintext from cipher text • Decryption algorithm: The sequence of data processing steps that go into transforming cipher text back into plaintext. In classical cryptography, the various parameters used by a decryption algorithm are derived from the same secret key that was used in the encryption algorithm. • Cryptography: The many schemes available today for encryption and decryption • Cryptographic system: Any single scheme for encryption and decryption. • Cipher: A cipher means the same thing as a “cryptographic system” • Block cipher: A block cipher processes a block of input data at a time and produces a cipher text block of the same size. • Stream cipher: A stream cipher encrypts data on the fly, usually one byte at a time.
  • 23. 1.2 Classical Encryption Techniques CLASSIFICATION OF ENCRYPTION TECHNIQUES Encryption techniques are broadly classified into substitution techniques and transposition techniques. • Substitution - Substitution means replacing an element of the plaintext with an element of cipher text. • Transposition - Transposition means rearranging the order of appearance of the elements of the plaintext.
  • 24. 1.2.1 Substitution Technique Substitution ciphers encrypt plaintext by changing the plaintext one piece at a time. The Caesar Cipher was an early substitution cipher. In the Caesar Cipher, each character is shifted three places up. Therefore, A becomes D and B becomes E, etc…
  • 25. This table shows “VOYAGER” being encrypted with the Caesar substitution cipher:
  • 26.
    Plaintext    V  O  Y  A  G  E  R
    Key         +3 +3 +3 +3 +3 +3 +3
    Ciphertext   Y  R  B  D  J  H  U
    A more complex substitution cipher would be created if, instead of incrementing each character by three, we used a more complex key. This table shows a simple substitution cipher with a key of “123”:
  • 27.
    Plaintext    V  O  Y  A  G  E  R
    Key         +1 +2 +3 +1 +2 +3 +1
    Ciphertext   W  Q  B  B  I  H  S
  • 28. 1.2.2 Transposition Techniques All the techniques examined so far involve the substitution of a ciphertext symbol for a plaintext symbol. A very different kind of mapping is achieved by performing some sort of permutation on the plaintext letters. This technique is referred to as a transposition cipher.
  • 29. The simplest such cipher is the rail fence technique, in which the plaintext is written down as a sequence of diagonals and then read off as a sequence of rows. For example, to encipher the message "meet me after the toga party" with a rail fence of depth 2, we write the following:
    m e m a t r h t g p r y
     e t e f e t e o a a t
    The encrypted message is MEMATRHTGPRYETEFETEOAAT
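Added worked example (my code, not from the slides): a small Python implementation of both classical techniques on slides 24-29. `shift_encrypt` generalises the Caesar cipher to a repeating key, so key [3] reproduces the VOYAGER → YRBDJHU table and key [1, 2, 3] reproduces the “123” table; `rail_fence_encrypt` generalises the depth-2 rail fence to any depth and comes with the inverse. Function names, the key-as-list convention and the handling of spaces and non-letters are my assumptions.

```python
from typing import List

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_encrypt(plaintext: str, key: List[int]) -> str:
    """Substitution by shifting: each letter moves forward by the key value at its position.

    The key repeats across the text, so key=[3] is the Caesar cipher of slide 26 and
    key=[1, 2, 3] is the "123" cipher of slide 27 (assumed convention: one shift per letter).
    Non-letters pass through unchanged and do not consume a key position.
    """
    out, i = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            shift = key[i % len(key)]
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: List[int]) -> str:
    """Decryption is the same walk with every shift negated."""
    return shift_encrypt(ciphertext, [-k for k in key])


def rail_index(i: int, depth: int) -> int:
    """Rail visited by the i-th letter of the zig-zag: 0,1,...,depth-1,depth-2,...,1,0,1,..."""
    if depth == 1:
        return 0
    period = 2 * (depth - 1)
    pos = i % period
    return pos if pos < depth else period - pos


def rail_fence_encrypt(plaintext: str, depth: int) -> str:
    """Transposition: write the letters down `depth` rails in a zig-zag, then read rail by rail.

    Depth 2 is the slide's diagonals-then-rows example; spaces are dropped as on the slide.
    """
    letters = plaintext.replace(" ", "").upper()
    rails = [[] for _ in range(depth)]
    for i, ch in enumerate(letters):
        rails[rail_index(i, depth)].append(ch)
    return "".join("".join(rail) for rail in rails)


def rail_fence_decrypt(ciphertext: str, depth: int) -> str:
    """Invert the transposition: work out how many letters each rail holds, slice the
    ciphertext into rails, then replay the zig-zag taking the next letter from each rail."""
    pattern = [rail_index(i, depth) for i in range(len(ciphertext))]
    rails, start = [], 0
    for r in range(depth):
        count = pattern.count(r)
        rails.append(list(ciphertext[start:start + count]))
        start += count
    return "".join(rails[r].pop(0) for r in pattern)
```

Both keyspaces are tiny (26 shifts for Caesar, a handful of depths for the rail fence), which is why the cryptanalysis defined on slide 30 breaks them by exhaustive trial or letter-frequency statistics, and why the diffusion and confusion of slide 36 are needed in modern ciphers.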
  • 30. 1.3 Cryptanalysis, Stream and Block Ciphers Cryptanalysis: Cryptanalysis is the study of analyzing information systems in order to discover their hidden aspects. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
  • 31. 1.3.1 Stream and Block Ciphers Idea of a block cipher: partition the text into relatively large (e.g. 128 bits) blocks and encode each block separately. The encoding of each block generally depends on at most one of the previous blocks. • the same “key” is used at each block. Idea of a stream cipher: partition the text into small (e.g. 1 bit) blocks and let the encoding of each block depend on many previous blocks. • for each block, a different “key” is generated.
  • 32. 1.4 Modern Block Ciphers Now look at modern block ciphers: one of the most widely used types of cryptographic algorithms; they provide secrecy/authentication services. Focus on DES (Data Encryption Standard) to illustrate block cipher design principles.
  • 33. MODERN BLOCK CIPHERS A symmetric-key modern block cipher encrypts an n-bit block of plaintext or decrypts an n-bit block of cipher text. The encryption or decryption algorithm uses a k-bit key. Common values for n are 64, 128, 256 and 512 bits.
  • 34. 1.4.1 BLOCK CIPHER PRINCIPLES • Most symmetric block ciphers are based on a Feistel cipher structure • Needed since must be able to decrypt cipher text to recover messages efficiently • Block ciphers look like an extremely large substitution • Would need a table of 2^64 entries for a 64-bit block • Instead create from smaller building blocks • Using the idea of a product cipher
  • 35. 1.4.2 IDEAL BLOCK CIPHER (figure: an ideal block cipher as a permutation)
  • 36. 1.5 SHANNON’S THEORY OF CONFUSION AND DIFFUSION • Claude Shannon suggested that to complicate statistical attacks, the cryptographer could dissipate the statistical structure of the plaintext in the long range statistics of the ciphertext. • Shannon called this process diffusion.
  • 37. • Diffusion complicates the statistics of the cipher text, and makes it difficult to discover the key of the encryption process. • The process of confusion makes the use of the key so complex that even when an attacker knows the statistics, it is still difficult to deduce the key. • Confusion can be accomplished by using a complex substitution algorithm. • Block ciphers, such as the Data Encryption Standard, make use of substitution operations.
  • 38. 1.6 FEISTEL STRUCTURE • Horst Feistel devised the Feistel cipher • based on the concept of an invertible product cipher • Partitions the input block into two halves • processes through multiple rounds which • perform a substitution on the left data half • based on a round function of the right half & subkey • then have a permutation swapping the halves • Implements Shannon’s S-P net concept
  • 39. 1.6.1 FEISTEL CIPHER STRUCTURE
  • 40. 1.6.2 FEISTEL CIPHER Feistel Cipher is not a specific scheme of block cipher. It is a design model from which many different block ciphers are derived. DES is just one example of a Feistel Cipher. A cryptographic system based on the Feistel cipher structure uses the same algorithm for both encryption and decryption. Encryption Process: The encryption process uses the Feistel structure consisting of multiple rounds of processing of the plaintext, each round consisting of a “substitution” step followed by a permutation step.
  • 41. 1.6.3 DESIGN FEATURES OF FEISTEL NETWORK • Block Size: (larger block means greater security) 64 bits. • Key Size: 56-128 bits. • Number of Rounds: a single round offers inadequate security; a typical size is 16 rounds. • Sub-key Generation Algorithm: greater complexity should lead to greater difficulty of cryptanalysis. • Round function: again, greater complexity generally means greater resistance to cryptanalysis. • Fast Software Encryption/Decryption: the speed of execution of the algorithm is important. • Ease of Analysis: to be able to develop a higher level of assurance as to its strength. • Decryption: use the same algorithm with reversed keys.
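Added example, not part of the slides: a toy 16-bit Feistel network in Python that makes the design features above concrete. The round function, the key schedule and the 16-round default are my assumptions, chosen for illustration (they are deliberately simple and are not DES's f, PC1 or PC2), but the structure is the real one: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i), and decryption is the same network run with the subkeys in reverse order. Note that F is never inverted, which is the reason the Feistel design allows any round function.

```python
from typing import List


def round_function(right: int, subkey: int) -> int:
    """Toy round function F(R, K) on an 8-bit half (assumption, not DES's f).

    Invertibility of F is NOT required: the Feistel structure undoes it by XORing again.
    """
    x = (right ^ subkey) & 0xFF
    x = (x * 0x9D + 0x3B) & 0xFF            # multiply-add: a little confusion
    return ((x << 3) | (x >> 5)) & 0xFF      # rotate: spreads bits around (diffusion)


def key_schedule(key: int, rounds: int) -> List[int]:
    """Toy sub-key generation (assumption): rotate the 16-bit key each round and mix in
    the round number, taking the low 8 bits as that round's subkey."""
    subkeys = []
    for r in range(rounds):
        key = ((key << 3) | (key >> 13)) & 0xFFFF
        subkeys.append((key ^ (r * 0x5B)) & 0xFF)
    return subkeys


def feistel(block: int, subkeys: List[int]) -> int:
    """Run the Feistel network over a 16-bit block with the subkeys in the given order.

    Encryption and decryption are this same function; only the subkey order differs.
    """
    left, right = (block >> 8) & 0xFF, block & 0xFF
    for k in subkeys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, left ^ round_function(right, k)
    # Undo the final swap so that decryption is the same network with reversed keys.
    return (right << 8) | left


def encrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, key_schedule(key, rounds))


def decrypt(block: int, key: int, rounds: int = 16) -> int:
    return feistel(block, list(reversed(key_schedule(key, rounds))))


if __name__ == "__main__":
    k, p = 0xBEEF, 0x1234                     # constructed sample key and block
    c = encrypt(p, k)
    print(f"plaintext {p:04x} -> ciphertext {c:04x} -> decrypted {decrypt(c, k):04x}")
```

Because each round only XORs F's output into one half, the whole network is a permutation of the 2^16 possible blocks whatever F is; the `decrypt` function shows the "same algorithm with reversed keys" feature from the last bullet above.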
  • 42. 1.7 DATA ENCRYPTION STANDARD (DES) Outline • History • Encryption • Key Generation • Decryption • Strength of DES • Ultimate
  • 43. 1.7.1 HISTORY In 1971, IBM developed an algorithm named LUCIFER, which operates on a block of 64 bits using a 128-bit key. Walter Tuchman, an IBM researcher, refined LUCIFER and reduced the key size to 56 bits, to fit on a chip. In 1977, the results of Tuchman’s project at IBM were adopted as the Data Encryption Standard by NSA (NIST).
  • 44. 1.7.2 DES Design Controversy • Although the DES standard is public • there was considerable controversy over its design • in the choice of a 56-bit key (vs Lucifer's 128-bit) • and because the design criteria were classified • Subsequent events and public analysis show that in fact the design was appropriate • DES has become widely used, especially in financial applications
  • 46. 1.7.4 Initial Permutation IP • First step of the data computation • IP reorders the input data bits • Even bits to LH half, odd bits to RH half • Quite regular in structure (easy in h/w) • See text Table 3.2 • Example: IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)
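Added example (my code, not from the slides or from any DES library): the IP table as published in FIPS 46-3, applied by a generic table-permutation routine, plus the inverse table, which is DES's final permutation FP. The helper names are my assumptions; the table values are the standard ones, and the block reproduces the example on this slide and checks the "even bits to the left half, odd bits to the right half" property.

```python
from typing import List, Tuple

# DES initial permutation (FIPS 46-3): output bit j (1 = leftmost) is input bit IP[j-1].
IP = [58, 50, 42, 34, 26, 18, 10, 2,
      60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6,
      64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1,
      59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5,
      63, 55, 47, 39, 31, 23, 15, 7]


def permute(block: int, table: List[int], width: int = 64) -> int:
    """Apply a DES-style permutation table to a `width`-bit integer.

    DES numbers bits from 1 at the most significant end, so input bit `src`
    sits at shift `width - src`. The output is built most-significant bit first.
    """
    out = 0
    for src in table:
        out = (out << 1) | ((block >> (width - src)) & 1)
    return out


def invert_table(table: List[int]) -> List[int]:
    """If output position j reads input bit src, the inverse reads bit j at position src."""
    inverse = [0] * len(table)
    for j, src in enumerate(table, start=1):
        inverse[src - 1] = j
    return inverse


FP = invert_table(IP)   # the final permutation IP^-1, applied after round 16


def initial_permutation(block: int) -> int:
    return permute(block, IP)


def final_permutation(block: int) -> int:
    return permute(block, FP)


def split_halves(block: int) -> Tuple[int, int]:
    """Split a permuted 64-bit block into the 32-bit L0 and R0 halves of the round structure."""
    return (block >> 32) & 0xFFFFFFFF, block & 0xFFFFFFFF


def even_odd_split() -> bool:
    """Check the slide's claim: the left half of IP's output is made of even input bits,
    the right half of odd input bits."""
    return all(b % 2 == 0 for b in IP[:32]) and all(b % 2 == 1 for b in IP[32:])


if __name__ == "__main__":
    x = 0x675A69675E5A6B5A                     # the slide's example input
    y = initial_permutation(x)
    print(f"IP({x:016x}) = {y:016x}, L0/R0 = {split_halves(y)}")
    print("FP undoes IP:", final_permutation(y) == x)
```

The same `permute` routine serves every DES table (E, P, PC1, PC2) once the `width` argument is set to the table's input size; the inverse computed here begins 40, 8, 48, 16, ... which is the FP table as printed in the standard.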
  • 47. 1.7.5 DES Round Structure • Uses two 32-bit L & R halves • As for any Feistel cipher can describe as: Li = Ri-1, Ri = Li-1 XOR F(Ri-1, Ki) • Takes 32-bit R half and 48-bit subkey and: • Expands R to 48 bits using perm E • Adds (XORs) to subkey • Passes through 8 S-boxes to get 32-bit result • Finally permutes this using 32-bit perm P
  • 48. 1.7.6 DES Round Structure
  • 49. 1.7.7 Substitution Boxes S • Have eight S-boxes which map 6 to 4 bits • Each S-box is actually 4 little 4-bit boxes: outer bits 1 & 6 (row bits) select one of the four rows; inner bits 2-5 (col bits) are substituted; result is 8 lots of 4 bits, or 32 bits • Row selection depends on both data & key; feature known as autoclaving (autokeying) • Example: S(18 09 12 3d 11 17 38 39) = 5fd25e03
  • 50. 1.7.8 DES Key Schedule Forms subkeys used in each round. Consists of: - initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves - 16 stages consisting of: • selecting 24 bits from each half • permuting them by PC2 for use in function f • rotating each half separately either 1 or 2 places depending on the key rotation schedule K
  • 51. 1.7.9 DES Decryption • Decrypt must unwind steps of data computation • With Feistel design, do encryption steps again • Using subkeys in reverse order (SK16 … SK1) • Note that IP undoes final FP step of encryption • 1st round with SK16 undoes 16th encrypt round • …. • 16th round with SK1 undoes 1st encrypt round • Then final FP undoes initial encryption IP • Thus recovering original data value
  • 52. 1.7.10 Avalanche Effect • Key desirable property of an encryption algorithm • Where a change of one input or key bit results in changing approx half the output bits • Making attempts to “home-in” by guessing keys impossible • DES exhibits strong avalanche
  • 53. 1.7.11 Strength of DES – Key Size • 56-bit keys have 2^56 = 7.2 x 10^16 values • Brute force search looks hard • Recent advances have shown it is possible • In 1997 on Internet in a few months • In 1998 on dedicated h/w (EFF) in a few days • In 1999 above combined in 22 hrs! • Still must be able to recognize plaintext • Now considering alternatives to DES
  • 54. 1.7.12 Strength of DES – Timing Attacks • Attacks actual implementation of cipher • Use knowledge of consequences of implementation to derive knowledge of some/all subkey bits • Specifically use fact that calculations can take varying times depending on the value of the inputs to it • Particularly problematic on smartcards
  • 55. 1.8 Differential and Linear Cryptanalysis However, if one is fortunate enough to have a large quantity of corresponding plaintext and ciphertext blocks for a particular unknown key, a technique called differential cryptanalysis can be applied. Linear cryptanalysis, invented by Mitsuru Matsui, is a different but related technique. Instead of looking for isolated points at which a block cipher behaves like something simpler, it involves trying to create a simpler approximation to the block cipher as a whole. (figure: Differential Cryptanalysis / Linear Cryptanalysis)
  • 56. 1.8.1 Differential Cryptanalysis • A statistical attack against Feistel ciphers • Uses cipher structure not previously used • Design of S-P networks has output of function f influenced by both input & key • Hence cannot trace values back through cipher without knowing value of the key • Differential cryptanalysis compares two related pairs of encryptions (differential)
  • 57. Differential Cryptanalysis • Have some input difference giving some output difference with probability p • If find instances of some higher probability input/output difference pairs occurring • Can infer subkey that was used in round • Then must iterate process over many rounds (with decreasing probabilities)
  • 58. Differential Cryptanalysis (figure: input difference traced from round i to round i+1) Overall probability of the given output difference is (0.25)(1.0)(0.25) = 0.0625
  • 59. Differential Cryptanalysis • Perform attack by repeatedly encrypting plaintext pairs with known input XOR until obtain desired output XOR • When found, assume intermediate deltas match • if intermediate rounds match required XOR have a right pair • if not then have a wrong pair; relative ratio is S/N for attack • Can then deduce key values for the rounds • right pairs suggest same key bits • wrong pairs give random values • For large numbers of rounds, probability is so low that more pairs are required than exist with 64-bit inputs
  • 60. 1.8.2 Linear Cryptanalysis • Another fairly recent development • Also a statistical method • Must be iterated over rounds, with decreasing probabilities • Developed by Matsui et al in early 90's • Based on finding linear approximations • Can attack DES with 2^43 known plaintexts, easier but still in practice infeasible
  • 61. Linear Cryptanalysis • Find linear approximations with prob p != ½: P[i1,i2,...,ia] XOR C[j1,j2,...,jb] = K[k1,k2,...,kc] where ia,jb,kc are bit locations in P,C,K • Gives linear equation for key bits • Get one key bit using max likelihood alg • Using a large number of trial encryptions • Effectiveness given by: |p–1/2|
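Added example, not part of the slides: DES S-box S1 (the table published in FIPS 46-3) with the row/column selection of slide 49, followed by the two tables a cipher designer computes to judge an S-box against the analyses of slides 56-61: the XOR difference distribution table (how often each input difference yields each output difference, i.e. the probability p of slide 57 for one S-box) and the linear approximation table (how far each input-mask/output-mask parity equation is from p = 1/2, the |p - 1/2| of slide 61). Function names are my assumptions; FIPS 46-3 gives S1(011011) = 0101 as its worked example, which the code reproduces.

```python
from typing import List, Tuple

# DES S-box S1 (FIPS 46-3): 4 rows of 16 four-bit outputs.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(box: List[List[int]], x6: int) -> int:
    """6 bits in, 4 bits out: outer bits (1 and 6) select the row, inner bits 2-5 the column."""
    row = (((x6 >> 5) & 1) << 1) | (x6 & 1)
    col = (x6 >> 1) & 0xF
    return box[row][col]


def difference_table(box) -> List[List[int]]:
    """DDT: ddt[dx][dy] = number of inputs x with S(x) XOR S(x XOR dx) == dy.

    Each row sums to 64; an entry of 16 means the differential holds with p = 16/64 = 0.25,
    the kind of figure multiplied across rounds on slide 58.
    """
    ddt = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            ddt[dx][sbox(box, x) ^ sbox(box, x ^ dx)] += 1
    return ddt


def best_differential(box) -> Tuple[int, int, float]:
    """Most probable (dx, dy) with dx != 0, and its probability count/64."""
    ddt = difference_table(box)
    dx, dy = max(((dx, dy) for dx in range(1, 64) for dy in range(16)),
                 key=lambda p: ddt[p[0]][p[1]])
    return dx, dy, ddt[dx][dy] / 64


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def linear_table(box) -> List[List[int]]:
    """LAT: lat[a][b] = number of x with parity(a AND x) == parity(b AND S(x)).

    p = lat/64 is the probability that the linear relation on input mask a and output
    mask b holds; the designer wants every |p - 1/2| small.
    """
    lat = [[0] * 16 for _ in range(64)]
    for a in range(64):
        for b in range(16):
            lat[a][b] = sum(parity(a & x) == parity(b & sbox(box, x)) for x in range(64))
    return lat


def best_linear_approximation(box) -> Tuple[int, int, float]:
    """Masks (a, b), both non-zero, with the largest bias |p - 1/2|."""
    lat = linear_table(box)
    a, b = max(((a, b) for a in range(1, 64) for b in range(1, 16)),
               key=lambda p: abs(lat[p[0]][p[1]] / 64 - 0.5))
    return a, b, abs(lat[a][b] / 64 - 0.5)


if __name__ == "__main__":
    print(f"S1(011011) = {sbox(S1, 0b011011):04b}")
    print("best differential (dx, dy, p):", best_differential(S1))
    print("best linear approximation (a, b, |p-1/2|):", best_linear_approximation(S1))
```

Running this over all eight S-boxes is how the design criteria behind DES (kept secret in 1977, the "controversy" of slide 44) were later confirmed in public: the largest DDT and LAT entries bound how fast the probabilities of slides 58 and 61 decay over 16 rounds.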
  • 62. 1.9 Block cipher modes of operations Modes of Operation: Block ciphers encrypt fixed size blocks, e.g. DES encrypts 64-bit blocks with a 56-bit key. Need a way to use them in practice, given that we usually have an arbitrary amount of information to encrypt. Partition the message into separate blocks for ciphering. A mode of operation describes the process of encrypting each of these blocks under a single key. Some modes may use an additional randomized input value.
  • 63. 1.9.1 Quick History 1981: early modes of operation ECB, CBC, CFB, OFB (DES Modes of Operation). 2001: revised and including CTR mode and AES (Recommendation for Block Cipher Modes of Operation). 2010: new mode XTS-AES (Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices).
  • 64. 1.9.2 Modes of Operation Taxonomy Current well-known modes of operation
  • 65. 1.9.3 Technical Notes Initialization Vector (IV) • a block of bits to randomize the encryption and hence to produce distinct ciphertext. Nonce: Number (used) Once • a random or pseudorandom number to ensure that past communications cannot be reused in replay attacks • some also refer to the initialization vector as a nonce. Padding • the final block may require padding to fit the block size • Methods: • add null bytes • add 0x80 followed by 0x00 bytes • add n bytes with value n
  • 66. 1.9.4 Electronic Codebook (ECB) Message is broken into independent blocks which are encrypted. Each block is a value which is substituted, like a codebook, hence the name. Each block is encoded independently of the other blocks: Ci = EK(Pi). Uses: secure transmission of single values
  • 68. 1.9.6 Cipher Block Chaining (CBC) Solves the security deficiencies of ECB: repeating the same plaintext block results in a different ciphertext block. Each previous ciphertext block is chained in as input with the current plaintext block, hence the name. Uses an Initial Vector (IV) to start the process. Ci = EK(Pi XOR Ci-1), C0 = IV
  • 70. 1.9.8 Cipher FeedBack (CFB) Uses an Initial Vector to start the process. Encrypt the previous ciphertext, then combine it with the plaintext block using XOR to produce the current ciphertext. Ciphertext is fed back (hence the name) to concatenate with the rest of the IV. Plaintext is treated as a stream of bits • any number of bits (1, 8 or 64 or whatever) can be fed back (denoted CFB-1, CFB-8, CFB-64). Relation between plaintext and ciphertext: Ci = Pi XOR SelectLeft(EK(ShiftLeft(Ci-1))), C0 = IV. Uses: stream data encryption, authentication
  • 73. 1.9.11 CFB as a Stream Cipher In CFB mode, encipherment and decipherment use the encryption function of the underlying block cipher.
  • 74. 1.9.12 Output FeedBack (OFB) • Very similar to CFB • But the output of the encryption function is fed back (hence the name), instead of the ciphertext • Feedback is independent of the message • Relation between plaintext and ciphertext: Ci = Pi XOR Oi, Oi = EK(Oi-1), O0 = IV • Uses: stream encryption over noisy channels
  • 76. 1.9.14 OFB as a Stream Cipher In OFB mode, encipherment and decipherment use the encryption function of the underlying block cipher.
  • 77. 1.9.15 Counter (CTR) Encrypts a counter value with the key rather than any feedback value (no feedback). The counter for each plaintext block will be different • it can be any function which produces a sequence which is guaranteed not to repeat for a long time. Relation: Ci = Pi XOR Oi, Oi = EK(i). Uses: high-speed network encryption
  • 79. 1.9.17 OFB as a Stream Cipher
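Added example, not from the slides: the five modes of slides 66-77 written generically over a block cipher's encryption function E and decryption function D. As the block cipher it uses a stand-in I constructed, a keyed random permutation of the 256 one-byte blocks (an ideal block cipher in the sense of slide 35, with a 1-byte block so the table stays tiny); it is not DES and provides no security. Function names, the 1-byte block and the integer nonce for CTR are my assumptions. Because the block is 1 byte, padding is never needed, and the CTR counter wraps after 256 blocks, which the code treats as an error since keystream reuse is exactly what CTR must avoid.

```python
import random

BLOCK = 1   # toy block size in bytes (DES uses 8, AES 16)


def make_toy_cipher(seed: int):
    """Stand-in block cipher (assumption): a keyed random permutation of all 256 byte values.

    The seed plays the role of the key. Returns (E, D) with D the inverse table of E.
    """
    table = list(range(256))
    random.Random(seed).shuffle(table)
    inverse = [0] * 256
    for x, y in enumerate(table):
        inverse[y] = x
    return (lambda b: bytes([table[b[0]]]),
            lambda b: bytes([inverse[b[0]]]))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes):
    # With BLOCK = 1 nothing needs padding; a real block size needs one of slide 65's methods.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# ECB: C_i = E_K(P_i). Equal plaintext blocks give equal ciphertext blocks (the codebook leak).
def ecb_encrypt(E, p: bytes) -> bytes:
    return b"".join(E(b) for b in blocks(p))


def ecb_decrypt(D, c: bytes) -> bytes:
    return b"".join(D(b) for b in blocks(c))


# CBC: C_i = E_K(P_i XOR C_{i-1}), C_0 = IV. Decryption needs D.
def cbc_encrypt(E, iv: bytes, p: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(p):
        prev = E(xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(D, iv: bytes, c: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(c):
        out.append(xor(D(b), prev))
        prev = b
    return b"".join(out)


# CFB (full-block feedback, CFB-8 here): C_i = P_i XOR E_K(C_{i-1}). Both directions use E only.
def cfb_encrypt(E, iv: bytes, p: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(p):
        prev = xor(b, E(prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(E, iv: bytes, c: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(c):
        out.append(xor(b, E(prev)))
        prev = b
    return b"".join(out)


# OFB: O_i = E_K(O_{i-1}), O_0 = IV, C_i = P_i XOR O_i. The keystream ignores the message,
# so one function both encrypts and decrypts.
def ofb_crypt(E, iv: bytes, data: bytes) -> bytes:
    out, o = [], iv
    for b in blocks(data):
        o = E(o)
        out.append(xor(b, o))
    return b"".join(out)


# CTR: O_i = E_K(counter_i), C_i = P_i XOR O_i. The counter must never repeat under one key;
# with a 1-byte block it would wrap after 256 blocks, so longer messages are refused.
def ctr_crypt(E, nonce: int, data: bytes) -> bytes:
    if len(blocks(data)) > 256:
        raise ValueError("counter would wrap: keystream reuse")
    return b"".join(xor(b, E(bytes([(nonce + i) % 256])))
                    for i, b in enumerate(blocks(data)))
```

Feeding a message with repeated blocks through `ecb_encrypt` shows the repeats in the ciphertext; the same message under `cbc_encrypt` with two different IVs gives two different ciphertexts, and `cfb_decrypt`, `ofb_crypt` and `ctr_crypt` never call D, which is the point of slides 73 and 76.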
  • 80. 1.10 Triple Data Encryption Standard (Triple-DES) Triple DES is based on the DES algorithm, therefore it is very easy to modify existing software to use Triple DES. It also has the advantage of proven reliability and a longer key length that eliminates many of the attacks that can be used to reduce the amount of time it takes to break DES. However, even this more powerful version of DES may not be strong enough to protect data for very much longer. As such, the DES algorithm itself has become obsolete and is no longer used.
  • 81. 1.10.1 Triple DES Algorithm Before using 3TDES, the user first generates and distributes a 3TDES key K, which consists of three different DES keys K1, K2 and K3. This means that the actual 3TDES key has length 3×56 = 168 bits. The encryption scheme is illustrated as follows −
  • 82. Triple DES Algorithm The encryption-decryption process is as follows − Encrypt the plaintext blocks using single DES with key K1. Now decrypt the output of step 1 using single DES with key K2. Finally, encrypt the output of step 2 using single DES with key K3. The output of step 3 is the ciphertext. Decryption of a ciphertext is the reverse process: the user first decrypts using K3, then encrypts with K2, and finally decrypts with K1.
  • 83. CONCLUSION
  We start our description of security in distributed systems by taking a look at some general security issues. First, it is necessary to define what a secure system is. We distinguish security policies from security mechanisms, and take a look at the Globus wide-area system, for which a security policy has been explicitly formulated. Our second concern is to consider some general design issues for secure systems. Finally, we briefly discuss some cryptographic algorithms, which play a key role in the design of security protocols.

Editor's notes

  1. The basic process in enciphering a 64-bit data block using the DES, shown on the left side, consists of:
  - an initial permutation (IP)
  - 16 rounds of a complex key-dependent round function involving substitution and permutation functions
  - a final permutation, being the inverse of IP
  The right side shows the handling of the 56-bit key and consists of:
  - an initial permutation of the key (PC1) which selects 56 bits in two 28-bit halves
  - 16 stages to generate the subkeys using a left circular shift and a permutation
  2. A more recent development is linear cryptanalysis. This attack is based on finding linear approximations to describe the transformations performed in DES. This method can find a DES key given 2^43 known plaintexts, as compared to 2^47 chosen plaintexts for differential cryptanalysis. Although this is a minor improvement, because it may be easier to acquire known plaintext rather than chosen plaintext, it still leaves linear cryptanalysis infeasible as an attack on DES. Again, this attack uses structure not seen before. So far, little work has been done by other groups to validate the linear cryptanalytic approach.
  3. If the data is only available a bit or byte at a time (e.g. a terminal session, a sensor value), then some other approach to encrypting it must be used, so as not to delay the information. The idea here is to use the block cipher essentially as a pseudo-random number generator (see the stream cipher lecture later) and to combine these "random" bits with the message. Note, as mentioned before, that XOR is an easily inverted operator (just XOR with the same thing again to undo it). Again, start with an IV to get things going, then use the ciphertext as the next input. As originally defined, the idea was to "consume" as much of the "random" output as needed for each message unit (bit/byte) before "bumping" bits out of the buffer and re-encrypting. This is wasteful though, and slows the encryption down as more encryptions are needed. An alternative way to think of it is to generate a block of "random" bits, consume them as message bits/bytes arrive, and only when they are used up feed a full block of ciphertext back. This is CFB-64 mode, the most efficient. This is the usual choice for quantities of stream-oriented data, and for authentication use.
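The OFB and CTR slides above, the three-step EDE procedure from the Triple DES slides, and the CFB-64 description in editor's note 3, worked through as one added example. This is not code from the slides: it uses a toy eight-round Feistel cipher with a truncated SHA-256 round function as a stand-in for DES (an illustration of the structure only, not a secure cipher), it builds the CTR input as a 32-bit nonce followed by a 32-bit block index where the slide writes EK(i), and all function names (block_encrypt, cfb_encrypt, ofb, ctr, tdes_encrypt and so on) and the sample key, IV and message values are the example's own constructions.

```python
import hashlib

BLOCK = 8       # 64-bit block, the same size as DES
ROUNDS = 8

# ---- Toy Feistel block cipher: a stand-in for DES, NOT a secure cipher ----

def _round_keys(key: bytes) -> list:
    """Toy key schedule: one 32-bit subkey per round, derived by hashing."""
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]

def _f(subkey: bytes, right: int) -> int:
    """Round function F(K_i, R): keyed hash of the right half, truncated to 32 bits."""
    digest = hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def _feistel(key: bytes, block: bytes, decrypt: bool) -> bytes:
    assert len(block) == BLOCK, "block cipher input must be exactly one block"
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    subkeys = _round_keys(key)
    if decrypt:
        subkeys.reverse()                    # same network, subkeys in reverse order
    for sk in subkeys:
        left, right = right, left ^ _f(sk, right)
    # Undo the final swap so the inverse is the same routine with reversed subkeys.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")

def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, decrypt=False)

def block_decrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, decrypt=True)

def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; zip() stops at the shorter one, which handles a short final block."""
    return bytes(x ^ y for x, y in zip(a, b))

# ---- CFB-64: E_K applied to the previous CIPHERTEXT block ------------------

def cfb_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for start in range(0, len(data), BLOCK):
        c = _xor(data[start:start + BLOCK], block_encrypt(key, prev))
        out += c
        prev = c                              # the ciphertext block is fed back
    return bytes(out)

def cfb_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = bytearray(), iv
    for start in range(0, len(data), BLOCK):
        c = data[start:start + BLOCK]
        out += _xor(c, block_encrypt(key, prev))   # still E_K, never D_K
        prev = c
    return bytes(out)

# ---- OFB: O_i = E_K(O_{i-1}), O_0 = IV, C_i = P_i XOR O_i ------------------

def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """One routine serves as both encipherment and decipherment."""
    out, o = bytearray(), iv
    for start in range(0, len(data), BLOCK):
        o = block_encrypt(key, o)             # cipher OUTPUT is fed back: independent of the message
        out += _xor(data[start:start + BLOCK], o)
    return bytes(out)

# ---- CTR: O_i = E_K(nonce || i), C_i = P_i XOR O_i -------------------------

def ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """No feedback: each keystream block depends only on the key, nonce and block index."""
    assert len(nonce) == 4
    out = bytearray()
    for i, start in enumerate(range(0, len(data), BLOCK)):
        o = block_encrypt(key, nonce + i.to_bytes(4, "big"))
        out += _xor(data[start:start + BLOCK], o)
    return bytes(out)

# ---- Triple (three-key) EDE on top of the single block cipher --------------

def tdes_encrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """C = E_K3(D_K2(E_K1(P))): encrypt with K1, decrypt with K2, encrypt with K3."""
    return block_encrypt(k3, block_decrypt(k2, block_encrypt(k1, block)))

def tdes_decrypt(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:
    """P = D_K1(E_K2(D_K3(C))): the same steps in reverse order with inverse operations."""
    return block_decrypt(k1, block_encrypt(k2, block_decrypt(k3, block)))

if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    key, iv, nonce = b"demo-key", bytes(BLOCK), b"\x00\x00\x00\x01"
    msg = b"stream data arriving a few bytes at a time"   # 42 bytes: the last block is short
    assert cfb_decrypt(key, iv, cfb_encrypt(key, iv, msg)) == msg
    assert ofb(key, iv, ofb(key, iv, msg)) == msg
    assert ctr(key, nonce, ctr(key, nonce, msg)) == msg
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"
    c = tdes_encrypt(k1, k2, k3, b"8 bytes!")
    assert tdes_decrypt(k1, k2, k3, c) == b"8 bytes!"
    print("CFB, OFB, CTR and EDE all round-trip")
```

Two points the slides make are visible directly in the code: the CFB, OFB and CTR routines only ever call block_encrypt, which is why OFB and CTR need a single routine for both directions, and the first keystream block of CFB and OFB is the same E_K(IV) while every later one differs because CFB feeds back ciphertext and OFB feeds back cipher output. The encrypt-decrypt-encrypt ordering also means that with K1 = K2 = K3 the triple construction collapses to one single encryption, which is why EDE rather than EEE was chosen for compatibility with existing single-DES systems.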
